continuum-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marcio Frayze David <mfda...@gmail.com>
Subject Weird security bug?
Date Wed, 27 Feb 2013 16:43:35 GMT
I'm running version 1.3.8 build number 1164847.

If I edit a role of somebody, the options I'm not supposed to be able
to grant are disabled by default. But as far as I can tell, there is
no server-side verification... so if I just edit the html code on
runtime on my client side and erase the "disabled" of the checkbox, I
can grant anything to anyone...

Hope this is already fixed in some newer release. Anyway, I'm very
disappointed with the quality of this software.

Cya.

Mime
View raw message