mugle-dev team mailing list archive

Thread
Date

Re: [Bug 786016] Re: Direct Access to Services from client side

To: mugle-dev@xxxxxxxxxxxxxxxxxxx
From: Scott Ritchie <s.ritchie73@xxxxxxxxx>
Date: Wed, 25 May 2011 13:42:30 -0000
Reply-to: Bug 786016 <786016@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I dont think, this is a non-issue, once security is implemented
properly.

On Wed, May 25, 2011 at 11:32 PM, Matt Giuca
<786016@xxxxxxxxxxxxxxxxxx>wrote:

> Can someone figure out if this is still an issue? I don't want old bugs
> lying around if they are not real concerns.
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/786016
>
> Title:
>  Direct Access to Services from client side
>
> Status in Melbourne University Game-based Learning Environment:
>   Triaged
>
> Bug description:
>  While Prageeth has coded the casting of shared objects to datastore
>  objects to have security checks, these can be bypassed by calling the
>  shared services directly.  The type of these classes should be changed
>  to Protected if possible to avoid this
>
> To unsubscribe from this bug, go to:
> https://bugs.launchpad.net/mugle/+bug/786016/+subscribe
>

-- 
You received this bug notification because you are a member of MUGLE
Developers, which is a direct subscriber.
https://bugs.launchpad.net/bugs/786016

Title:
  Direct Access to Services from client side

Status in Melbourne University Game-based Learning Environment:
  Triaged

Bug description:
  While Prageeth has coded the casting of shared objects to datastore
  objects to have security checks, these can be bypassed by calling the
  shared services directly.  The type of these classes should be changed
  to Protected if possible to avoid this

References

[Bug 786016] [NEW] Direct Access to Services from client side
From: Scott Ritchie, 2011-05-20
[Bug 786016] Re: Direct Access to Services from client side
From: Matt Giuca, 2011-05-25