[JC-954] Security improvements for DELETE action - JTalks JIRA

Voters

Watchers

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.20 Larks
Fix Version/s: 0.20 Larks
Labels:
None

Description

Send DELETE to uat.jtalks.org/jcommune/components without authorization (you can use some programs like this one)

Actual Result: response is OK, all topics are deleted.
Expected: Authorization error should happen.

Acceptance Criteria:
DELETE request should remove branch/section/component content (topics & posts) if it was triggered from the same machine.
DELETE request should not have affect if the request was sent from another IP.

Attachments

Issue Links

relates to

JC-859 Profile: 'Post count' doesn't change when branches/sections were deleted.

Closed

JC-970 Re-indexing is not secured

Closed

JC-971 Merge last updates of Spring Security to our patch

Open

Structure

Activity

People

Assignee:

Iakov Volfkovich

Reporter:

Julia Atlygina

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Due:

16/Sep/12

Created:

05/Sep/12 3:31 PM

Updated:

22/Sep/12 7:38 PM

Resolved:

16/Sep/12 2:09 PM

Time Tracking

Estimated:

Remaining:

Logged:

5.5h