action #589

closed

Fix security hole with uploaded files

Added by ancorgs over 11 years ago. Updated over 11 years ago.

Status: Closed
Priority: Immediate
Assignee:
Category: Development
Start date: 2013-07-11
Due date:
% Done: 100%
Estimated time:

Description

With the current implementation, uploaded files (which include invoices and signed reimbursements) are not protected by access control. An attacker only needs to guess the URL (which is not easy, anyway) to read sensitive information.
