Task #232 (new)
Session accessing code can disable read security
| Reported by: | jamoore | Owned by: | jamoore |
Read security is based on filters, and the Hibernate session provides methods to disable filters, thereby turning read security off. This implies that class-based queries are, in general, dangerous.
One fix would be to wrap the Session with a proxy and catch all calls to disable filters. (The proxy would probably also need to implement SessionImplementor.)
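
A sketch of the proxy approach proposed above, added here as an example and not taken from the project's code: a `java.lang.reflect.Proxy` that delegates every call except `disableFilter`. `FilterableSession`, `guard`, the filter name and the query string are hypothetical stand-ins so the demo runs without Hibernate; with Hibernate, the interfaces passed to `guard` would be `Session` and `SessionImplementor`.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;

public class FilterGuardDemo {

    /** Stand-in (assumption) for the filter methods of org.hibernate.Session. */
    public interface FilterableSession {
        void enableFilter(String name);
        void disableFilter(String name);
        String query(String q);
    }

    /** Wraps target in a proxy for the given interfaces that refuses every disableFilter call. */
    public static Object guard(Object target, Class<?>... interfaces) {
        InvocationHandler handler = (proxy, method, args) -> {
            // Match by name so any overload of disableFilter is rejected too.
            if ("disableFilter".equals(method.getName())) {
                throw new SecurityException("disableFilter is not permitted on a secured session");
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // rethrow the delegate's own exception unchanged
            }
        };
        return Proxy.newProxyInstance(target.getClass().getClassLoader(), interfaces, handler);
    }

    public static void main(String[] args) {
        // Constructed delegate: the read filter stays on until disableFilter is called.
        FilterableSession raw = new FilterableSession() {
            private boolean filtered = true;
            public void enableFilter(String name) { filtered = true; }
            public void disableFilter(String name) { filtered = false; }
            public String query(String q) { return filtered ? "own rows only" : "ALL rows"; }
        };
        FilterableSession safe = (FilterableSession) guard(raw, FilterableSession.class);
        System.out.println(safe.query("from Project")); // constructed query string
        try {
            safe.disableFilter("securityFilter"); // constructed filter name
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
        System.out.println(safe.query("from Project")); // filter is still active
    }
}
```

The guard only holds if calling code never receives the unwrapped session, so any method that hands back the delegate or a new session derived from it needs the same wrapping.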