mugle-dev team mailing list archive
-
mugle-dev team
-
Mailing list archive
-
Message #00380
[Bug 788083] [NEW] Anyone can request private games for a given devteam
*** This bug is a security vulnerability ***
Private security bug reported:
Currently, the DevTeamService.getGames has a boolean to ask for public
or private. This is necessary because the dev team edit page contains
the full list. Note that since we have no security on viewing things at
all (pretty much), there is no point fixing this until then.
** Affects: mugle
Importance: Medium
Status: Triaged
** Tags: security
--
You received this bug notification because you are a member of MUGLE
Developers, which is a direct subscriber.
https://bugs.launchpad.net/bugs/788083
Title:
Anyone can request private games for a given devteam
Status in Melbourne University Game-based Learning Environment:
Triaged
Bug description:
Currently, the DevTeamService.getGames has a boolean to ask for public
or private. This is necessary because the dev team edit page contains
the full list. Note that since we have no security on viewing things
at all (pretty much), there is no point fixing this until then.
Follow ups
References