[Registry-dev] [jira] Commented: (REGISTRY-200) Anonymous user can
edit anonymous user's friendly name or password.
Glen Daniels (JIRA)
jira at wso2.org
Tue Feb 5 21:44:00 PST 2008
[ http://wso2.org/jira/browse/REGISTRY-200?page=comments#action_15379 ]
Glen Daniels commented on REGISTRY-200:
---------------------------------------
While it's true anonymous users shouldn't be able to edit, it's also true that no one should be able to edit the password or friendly name of the anonymous user at all, right?
> Anonymous user can edit anonymous user's friendly name or password.
> -------------------------------------------------------------------
>
> Key: REGISTRY-200
> URL: http://wso2.org/jira/browse/REGISTRY-200
> Project: WSO2 Registry
> Issue Type: Bug
> Components: Authorizations
> Affects Versions: SNAPSHOT
> Environment: Ubuntu 7.10, JDK 1.5.0_08, tomcat 6.0.14, Firefox/2.0.0.8
> Reporter: Krishantha Samaraweera
> Assigned To: Chathura Ekanayake
>
> How to recreate:
> 1. load the registry system.
> 2. go to peoples page as anonymous user.
> 3. click on to anonymous user name.
> 4. in next page you can edit password and friendly name.
> Anonymous users should not allowed to edit password or friendly name of any user.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://wso2.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the Registry-dev
mailing list