portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Dimon" <mark.di...@btinternet.com>
Subject jetspeed security broken [non-existant] nightly build 2002-06-09
Date Mon, 10 Jun 2002 15:32:05 GMT
Hi,

If you fire-up the lastest nightly build and type the url

http://localhost:8080/jetspeed/portal/user/admin
the you go straight to the admin screen even though you are a logged out anon user,

none of the portlets are active or will display there contents , but this is surely wrong
should you not be sent to the anon psml.

also

http://localhost:8080/jetspeed/portal/user/turbine

takes you straight to the turbine users screen , you can't edit the portals but you can still
see the information directed to a particular user. 


Is this due to the CVS being in a state of flux at the moment , or is it a bug?


Regards mark.



Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message