
Bug #397 (closed)

Opened 18 years ago

Closed 18 years ago

SecuritySystem.runAsAdmin and doAction should NOT take detached objects.

Reported by: jamoore
Owned by: jamoore
Priority: critical
Cc:
Sprint: n.a.
Total Remaining Time: n.a.

Description

Currently it's possible for SecuritySystem API consumers to mistakenly pass a detached (untrusted) entity into the runAsAdmin() or doAction() methods. This could violate much of the security system.

Change History (2)

comment:1 Changed 18 years ago by jmoore

r1005 makes it much more difficult to exploit this.

runAsAdmin can no longer use merge(), meaning that the state of detached objects cannot be sent directly to the db. doAction will no longer accept detached entities whatsoever. (A similar approach for runAsAdmin would have been safer, but is not possible.)

However, it is still possible that a service provider forgets to untaint objects. This is especially important for IAdmin. All methods must reload the entities from the DB. In fact, an @Untaint annotation would possibly be sensible (see #399).
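
The difference between merging a detached entity and reloading it before use, as an added example that is not part of the ticket or of the project's code. `Group`, `Store`, `renameUnsafe` and `renameUntainted` are hypothetical names, and `Store` is an in-memory stand-in for a persistence session, not the real one.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: a minimal in-memory stand-in for a persistence session.
// Group, Store and both rename methods are hypothetical, not the project's API.
public class UntaintExample {

    static class Group {
        final long id; String name; long ownerId;
        Group(long id, String name, long ownerId) {
            this.id = id; this.name = name; this.ownerId = ownerId;
        }
    }

    static class Store {
        private final Map<Long, Group> rows = new HashMap<>();
        void insert(Group g) { rows.put(g.id, new Group(g.id, g.name, g.ownerId)); }
        Group load(long id) { return rows.get(id); }
        // Models merge(): every field of the detached copy overwrites the row.
        void merge(Group detached) { insert(detached); }
    }

    // Unsafe: the privileged path persists caller-supplied state wholesale.
    static void renameUnsafe(Store db, Group fromClient) {
        db.merge(fromClient);
    }

    // Untainted: trust only the id, reload the stored row, and copy across
    // only the one field this operation is allowed to change.
    static void renameUntainted(Store db, Group fromClient) {
        Group managed = db.load(fromClient.id);
        if (managed == null) throw new IllegalArgumentException("no such group");
        managed.name = fromClient.name;
    }

    public static void main(String[] args) {
        // Constructed sample data: group 1 is owned by user 10.
        Store db = new Store();
        db.insert(new Group(1, "lab", 10));
        // Detached copy as it might come back from a caller, ownerId altered.
        Group tampered = new Group(1, "lab-renamed", 99);

        renameUntainted(db, tampered);
        System.out.println("after reload-and-copy: owner=" + db.load(1).ownerId);
        renameUnsafe(db, tampered);
        System.out.println("after merge:           owner=" + db.load(1).ownerId);
    }
}
```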

comment:2 Changed 18 years ago by jmoore

  • Resolution set to fixed
  • Status changed from new to closed