Project

General

Profile

action #589

Fix security hole with uploaded files

Added by ancorgs about 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Immediate
Assignee:
Category:
Development
Start date:
2013-07-11
Due date:
% Done:

100%

Estimated time:

Description

With the current implementation, uploaded files (which includes invoices and signed reimbursements) are not protected by access control. An attacker only needs to guess the url (which is not easy, anyway) to read sensible information.

History

#1 Updated by ancorgs about 9 years ago

  • % Done changed from 0 to 100
  • Status changed from New to Closed

Fixed.

Also available in: Atom PDF