← Back to team overview

mugle-dev team mailing list archive

  1. mugle-dev team
  2. Mailing list archive
  3. Message #00277

[Bug 786016] [NEW] Direct Access to Services from client side

  Thread PreviousDate PreviousThread Next 
*** This bug is a security vulnerability ***

Public security bug reported:

While Prageeth has coded the casting of shared objects to datastore
objects to have security checks, these can be bypassed by calling the
shared services directly.  The type of these classes should be changed
to Protected if possible to avoid this

** Affects: mugle
     Importance: Medium
         Status: New

** Visibility changed to: Public

** Changed in: mugle
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of MUGLE
Developers, which is a direct subscriber.
https://bugs.launchpad.net/bugs/786016

Title:
  Direct Access to Services from client side

Status in Melbourne University Game-based Learning Environment:
  New

Bug description:
  While Prageeth has coded the casting of shared objects to datastore
  objects to have security checks, these can be bypassed by calling the
  shared services directly.  The type of these classes should be changed
  to Protected if possible to avoid this

Follow ups

References

  Thread PreviousDate PreviousThread Next