tel8618217223380 / prado3

Automatically exported from code.google.com/p/prado3

Parameters set in the application or page configuration should be able to be set to read only. #295

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
A parameter set in the application configuration can be changed in the home 
Pages folder configuration file, and then changed again in a sub folder 
configuration file.

What is the expected output? What do you see instead?
For security, parameters should have a read only or finalized state so that 
they cannot be overridden by further down the chain configurations or some 
varieties of system compromise.

This issue is not a flaw that exposes users to any specific risk.  This is just 
a suggested enhancement for increasing the security performance of the platform.


Original issue reported on code.google.com by javalizard@gmail.com on 6 Oct 2010 at 7:39

GoogleCodeExporter commented 9 years ago
1. Do you have any idea on how to protect a parameter of application.php 
from being overridden?
2. I think some parameters in application.php need to be overridden as well. So we 
will need 2 types of parameter (override / not-override)?

Original comment by lon...@gmail.com on 7 Oct 2010 at 4:59

GoogleCodeExporter commented 9 years ago
1. A final meta property of a parameter could protect it once the config is 
read into the app, just like the XML version.  This is a high level security 
feature.  If PHP is hacked, file access is compromised at the proper level 
(which for many systems file ownership/rights is not distinct), or some such, 
but this will lock down these variables during execution.
2. Please create a new issue for the parameter override enhancement.  Please 
include a use case if you can.

Original comment by javalizard@gmail.com on 7 Oct 2010 at 5:58
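
The "final" property proposed above, sketched as an added example (not PRADO code and not written by the issue's participants). The `ParameterStore` class, its `load()` and `get()` methods, the `final` key and the sample values are all hypothetical.

```php
<?php
// Added example: hypothetical ParameterStore, not part of PRADO.
final class ParameterStore
{
    private array $params = [];   // id => ['value' => ..., 'final' => bool, 'source' => string]

    // Merge one configuration level (application, Pages folder, sub folder).
    // Returns the ids whose override was refused so the caller can log them.
    public function load(string $source, array $entries): array
    {
        $rejected = [];
        foreach ($entries as $id => $entry) {
            $existing = $this->params[$id] ?? null;
            if ($existing !== null && $existing['final']) {
                // A finalized parameter keeps the value from the level that set it.
                $rejected[] = $id;
                continue;
            }
            $this->params[$id] = [
                'value'  => $entry['value'],
                'final'  => $entry['final'] ?? false,
                'source' => $source,
            ];
        }
        return $rejected;
    }

    public function get(string $id)
    {
        if (!array_key_exists($id, $this->params)) {
            throw new OutOfBoundsException("Unknown parameter: $id");
        }
        return $this->params[$id]['value'];
    }
}

// Constructed sample configuration, loaded in the order described in the issue.
$store = new ParameterStore();
$store->load('application', [
    'adminEmail' => ['value' => 'ops@example.org', 'final' => true],
    'pageSize'   => ['value' => 20],
]);
$refused = $store->load('pages/admin', [
    'adminEmail' => ['value' => 'other@example.org'],   // refused: final upstream
    'pageSize'   => ['value' => 50],                    // accepted: not final
]);
var_dump($refused, $store->get('adminEmail'), $store->get('pageSize'));
```

Load order matters here: the application level has to be merged first so its `final` flags are in place before any folder-level file is read, and the list of refused ids is worth logging because an unexpected entry means some lower-level file tried to change a locked value.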

GoogleCodeExporter commented 9 years ago

Original comment by javalizard@gmail.com on 7 Oct 2010 at 5:59

GoogleCodeExporter commented 9 years ago

Original comment by ctrlal...@gmail.com on 25 Jun 2012 at 1:56

GoogleCodeExporter commented 9 years ago

Original comment by ctrlal...@gmail.com on 21 Jan 2013 at 7:03

GoogleCodeExporter commented 9 years ago

Original comment by ctrlal...@gmail.com on 24 Jul 2013 at 1:46

GoogleCodeExporter commented 9 years ago
Moved to github: https://github.com/pradosoft/prado/issues

Original comment by ctrlal...@gmail.com on 1 Oct 2013 at 10:14