mugle-dev team mailing list archive

Thread
Date

[Bug 788083] [NEW] Anyone can request private games for a given devteam

To: mugle-dev@xxxxxxxxxxxxxxxxxxx
From: Matt Giuca <788083@xxxxxxxxxxxxxxxxxx>
Date: Wed, 25 May 2011 12:17:26 -0000
Reply-to: Bug 788083 <788083@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Private security bug reported:

Currently, the DevTeamService.getGames has a boolean to ask for public
or private. This is necessary because the dev team edit page contains
the full list. Note that since we have no security on viewing things at
all (pretty much), there is no point fixing this until then.

** Affects: mugle
     Importance: Medium
         Status: Triaged


** Tags: security

-- 
You received this bug notification because you are a member of MUGLE
Developers, which is a direct subscriber.
https://bugs.launchpad.net/bugs/788083

Title:
  Anyone can request private games for a given devteam

Status in Melbourne University Game-based Learning Environment:
  Triaged

Bug description:
  Currently, the DevTeamService.getGames has a boolean to ask for public
  or private. This is necessary because the dev team edit page contains
  the full list. Note that since we have no security on viewing things
  at all (pretty much), there is no point fixing this until then.

Follow ups

[Bug 788083] Re: Anyone can request private games for a given devteam
From: Matt Giuca, 2011-05-25
[Bug 788083] [NEW] Anyone can request private games for a given devteam
From: Matt Giuca, 2011-05-25

References

[Bug 788083] [NEW] Anyone can request private games for a given devteam
From: Matt Giuca, 2011-05-25