mugle-dev team mailing list archive

Thread
Date

Re: [Bug 786594] [NEW] Upload service does not check permissions

To: mugle-dev@xxxxxxxxxxxxxxxxxxx
From: Scott Ritchie <s.ritchie73@xxxxxxxxx>
Date: Sun, 22 May 2011 16:13:58 -0000
Reply-to: Bug 786594 <786594@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I would suggest taking a look at the checkPermissions() method inside
GameFileServiceImpl - it should be almost identical to what you need.

On Mon, May 23, 2011 at 2:04 AM, Matt Giuca
<786594@xxxxxxxxxxxxxxxxxx>wrote:

> *** This bug is a security vulnerability ***
>
> Private security bug reported:
>
> A pretty glaring security bug that I don't have the time or expertise to
> fix at this stage. Currently, anybody can upload a file over the top of
> anybody else's game. This is fairly critical (I need to learn how to
> check permissions, or someone else needs to do it).
>
> ** Affects: mugle
>     Importance: Critical
>         Status: Triaged
>
>
> ** Tags: security
>
> --
> You received this bug notification because you are a member of MUGLE
> Developers, which is a direct subscriber.
> https://bugs.launchpad.net/bugs/786594
>
> Title:
>  Upload service does not check permissions
>
> Status in Melbourne University Game-based Learning Environment:
>  Triaged
>
> Bug description:
>  A pretty glaring security bug that I don't have the time or expertise
>  to fix at this stage. Currently, anybody can upload a file over the
>  top of anybody else's game. This is fairly critical (I need to learn
>  how to check permissions, or someone else needs to do it).
>
> --
> Mailing list: https://launchpad.net/~mugle-dev
> Post to     : mugle-dev@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~mugle-dev
> More help   : https://help.launchpad.net/ListHelp
>

-- 
You received this bug notification because you are a member of MUGLE
Developers, which is a direct subscriber.
https://bugs.launchpad.net/bugs/786594

Title:
  Upload service does not check permissions

Status in Melbourne University Game-based Learning Environment:
  Triaged

Bug description:
  A pretty glaring security bug that I don't have the time or expertise
  to fix at this stage. Currently, anybody can upload a file over the
  top of anybody else's game. This is fairly critical (I need to learn
  how to check permissions, or someone else needs to do it).

References

[Bug 786594] [NEW] Upload service does not check permissions
From: Matt Giuca, 2011-05-22