Closed blanchardjeremy closed 11 years ago
get_obj, generic_lookup, and get-generic_rel_list can all be called by an anonymous user since there are no permission checks on them. This is a security hole that could be exploited sometime in the future if they knew what URL to request.
Moved to JIRA
blanchardjeremy
commented
11 years ago
get_obj, generic_lookup, and get-generic_rel_list can all be called by an anonymous user since there are no permission checks on them. This is a security hole that could be exploited sometime in the future if they knew what URL to request.