Closed hurray456 closed 7 years ago
config Role and authority settings https://github.com/billchen198318/bamboobsc/blob/master/core-doc/dev-docs/06-RoleAndAuthoritySettings.md
settings Menu settings for Role https://github.com/billchen198318/bamboobsc/blob/master/core-doc/dev-docs/05-ProgramRegistrationAndMenuSettings.md
Hy,
there is a way to leak information of the database. While using the Query Chart even unprivileged users can execute SQL-commands through the query expression field. An attacker can retrieve every dataset, user-names and even hashed passwords. A fix would be to shut off or limit the usage of the plain query field.
best regards.