A user could access any page if they knew the URL without authenticating. Users are now redirected to the login page if they try to access another page without being logged in.
This patch requires that the User roles, PUA and RLS patches be applied first
James
Indeed. Siremis authentication can be bypassed.
It would be nice if that patch would be applied soon.
Thanks Klaus
Am 09.09.2011 18:51, schrieb James Wyatt:
A user could access any page if they knew the URL without authenticating. Users are now redirected to the login page if they try to access another page without being logged in.
This patch requires that the User roles, PUA and RLS patches be applied first
James
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
shouldn't we call it a security fix?
Am 09.09.2011 18:51, schrieb James Wyatt:
A user could access any page if they knew the URL without authenticating. Users are now redirected to the login page if they try to access another page without being logged in.
This patch requires that the User roles, PUA and RLS patches be applied first
James
sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
-
Henning Westerholt -
James Wyatt -
Klaus Darilion