[Yanel-dev] Toolbar security hole?
Michael Wechner
michael.wechner at wyona.com
Wed Jan 16 09:36:26 CET 2008
Evaldas Taroza wrote:
> Hi everyone,
>
> I just noticed the following behavior with the yanel-website realm:
> 1. Click on the toolbar link
> 2. Log in
> 3. Toolbar appears
> 4. Select Yanel-Log out in the toolbar
> 5. The toolbar stays (with reduced functionality)
> 6. When you click on the toolbar link it asks to log in
>
> So 5 and 6 steps are conflicting.
very much agreed. The problem is not so grave, because you have to login
resp. get authorized before you get into this situation, but if you
leave your computer open and go for lunch then other people might sit at
your computer and might be able to do resp. see certain things, which
they are not supposed to.
Can you please a bugzilla entry as a blocker bug?
Cheers
Michi
>
> Evaldas
> _______________________________________________
> Yanel-development mailing list
> Yanel-development at wyona.com
> http://lists.wyona.org/cgi-bin/mailman/listinfo/yanel-development
--
Michael Wechner
Wyona - Open Source Content Management - Yanel, Yulup
http://www.wyona.com
michael.wechner at wyona.com, michi at apache.org
+41 44 272 91 61
More information about the Yanel-development
mailing list