archiva-users mailing list archives

From Joakim Erdfelt <joa...@erdfelt.com>
Subject Re: Access denied WebDAV repository
Date Tue, 27 Mar 2007 15:35:36 GMT
This is a confusing mess of roles ATM.

You just pointed out a flaw in the design of the security.

The roles that the Guest user has are not copied (or linked) to new users.

It is quite possible for new users to have *LESS* permission than a
guest (anonymous) user!

I just discussed this with my partner in security crime, Jesse
McConnell, and we are working on a solution to this oversight.

- Joakim Erdfelt

Markus Reil wrote:
> Hi,
>
> I built Archiva from trunk rev. 521889.
> If I assign the role Repository Observer to Guest I can access the
> repository but I a newly created user.
> The user I created does not have the "Validated" flag set in the User
> Management page. Is that the reason?
> Then how can I validate the user? Is an E-Mail confirmation needed?
> Unfortunately I am not able to send E-Mail from my server.
>
> Thanks in advance for any help.
>
> Best Regards,
> Markus
>
>   



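The gap described in this thread, as an added example that is not part of the original messages and is not Archiva's code: an audit that flags accounts whose effective permissions are not a superset of the guest account's, and a comparison of "copying" guest roles at account creation with "linking" them at check time. The role model, the permission strings, the "Registered User" role and the `newuser` account are assumptions constructed for illustration; only the "Repository Observer" role name comes from the thread.

```python
GUEST = "guest"

# Constructed role -> permission map (permission strings are hypothetical).
ROLE_PERMISSIONS = {
    "Repository Observer": {"repository:read"},
    "Registered User": {"profile:edit"},
}

def permissions(assignments, user, link_guest=False):
    """Effective permissions; with link_guest, guest's roles are inherited at check time."""
    roles = set(assignments.get(user, ()))
    if link_guest and user != GUEST:
        roles |= set(assignments.get(GUEST, ()))
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms

def users_below_guest(assignments, link_guest=False):
    """Return {user: missing permissions} for accounts that can do less than guest."""
    guest_perms = permissions(assignments, GUEST)
    report = {}
    for user in assignments:
        if user == GUEST:
            continue
        missing = guest_perms - permissions(assignments, user, link_guest)
        if missing:
            report[user] = missing
    return report

def create_user_copying_guest(assignments, user, roles):
    """'Copy' approach: snapshot guest's current roles into the new account."""
    assignments[user] = set(roles) | set(assignments.get(GUEST, ()))

def demo():
    # Case from the thread: guest holds Repository Observer, the new user does not.
    a = {GUEST: {"Repository Observer"}, "newuser": {"Registered User"}}
    flawed = users_below_guest(a)
    linked = users_below_guest(a, link_guest=True)
    # Copying goes stale when guest gains a role after the account was created.
    b = {GUEST: set()}
    create_user_copying_guest(b, "newuser", {"Registered User"})
    b[GUEST].add("Repository Observer")
    stale = users_below_guest(b)
    return flawed, linked, stale, b

if __name__ == "__main__":
    print(demo()[:3])
```

Running the audit after every role change catches the stale-copy case; resolving guest roles at check time removes it by construction.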