mugle-dev team mailing list archive
-
mugle-dev team
-
Mailing list archive
-
Message #00277
[Bug 786016] [NEW] Direct Access to Services from client side
*** This bug is a security vulnerability ***
Public security bug reported:
While Prageeth has coded the casting of shared objects to datastore
objects to have security checks, these can be bypassed by calling the
shared services directly. The type of these classes should be changed
to Protected if possible to avoid this
** Affects: mugle
Importance: Medium
Status: New
** Visibility changed to: Public
** Changed in: mugle
Importance: Undecided => Medium
--
You received this bug notification because you are a member of MUGLE
Developers, which is a direct subscriber.
https://bugs.launchpad.net/bugs/786016
Title:
Direct Access to Services from client side
Status in Melbourne University Game-based Learning Environment:
New
Bug description:
While Prageeth has coded the casting of shared objects to datastore
objects to have security checks, these can be bypassed by calling the
shared services directly. The type of these classes should be changed
to Protected if possible to avoid this
Follow ups
References