id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,drp_resources,i_links,o_links,remaining_time,sprint 232,Session accessing code can disable read security,jamoore,jamoore,"Since read security is based on filters and the Hibernate session provides methods to disable filters, thereby turning read security off. This implies that class-based queries are, in general, dangerous. One fix would be to wrap the Session with a proxy and catch all calls to disable filters. (The proxy would probably also need to implement `SessionImplementor`). ",task,new,major,GatherReqs,Security,3.0-M3,,"hibernate,filters,sessions",,,,,,