erp5-dev

[Erp5-dev] Security Problem


From: Klaus Wölfel
Subject: [Erp5-dev] Security Problem
Date: Wed, 28 Sep 2005 11:28:58 +0100

Hello,

while working on a patch to remove the came_from attribute from the
login_form url when accessing ERP5 after being logged out I
encountered another problem that I can only reproduce irregularly:
Sometimes when I log out in another browser window and after that
access another path in ERP5, it doesn't show the login_form but lets
me view the normal view of the object I tried to access. The only
difference is that when I access a folder, it doesn't show the
contained objects, which indicates that ZSQLCatalog knows that I am
logged out.

I made sure that I have been logged out from ERP5 as well as from Zope
and I had different user names in Zope and ERP5.

The strange thing is, that even when I'm doing this the same way it
seems that this problem occurs only once in about 5 to 10 times.

Any idea anyone?

Klaus



