on 04-05-2016 10:20 AM
Hi All,
If I add a portal iview/page as a browser favorite in one system, it's saved with a navigation short url in the browser favorite.
Now, if I change the portal url to another system and access the favorite, I can still get to that iview/page though the role is not assigned to me in UM.
Something like this:
It looks like a security risk to me.
Is it possible to prevent this? Short urls cannot be disabled now, because users have already been using this feature.
Any ideas/solutions/workarounds are appreciated.
Thanks in advance,
Raj
Hi Raj,
I have tested it on the same system with different users and the issue doesn't reproduce.
Make sure that you have logged off of all sessions in your browser.
BR,
Saar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Saar. I should've also said, it does ask you to login, and after logging in you're taken to that iview/page though you dont have the role assigned.
Also, is the bookmark generated with short url?
So, steps to reproduce:
1)Login with user1
2)browse to an iview/page in role1
3)Add to browser favorite
4)Logoff
5)Open the favorite
6)Login with user2 who doesn't have role1
7)You should be navigated to the iview/page (though you will not see the role in TLN)
Hope that's clear. But if you can't still reproduce that can only mean there's a setting somewhere which restricts this behavior. And if you happen to know that, please let me know.
And I've tried this on different machines & different logins, by passing on the bookmark to someone else.
Thanks again.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.