Grazy Mos Posted November 22, 2006 Share Posted November 22, 2006 I really got some serious doubt about the safety of jasperintelligence, for the sake of testing i installed a clean version of jasperintelligence, ireport with the plugin. When I created a reportunit in jasperintelligence I could see it and run it in ireport. But when i was trying to delete the unit or any other random folder it did it without a warning/error. I also was able to add new reportunit. If i was logged as a administrator it would be fine but i was logged in at ireports as a USER! As far as i am aware users couldnt do this in jasperintelligence. So is this a bug? or am i missing something? Thanks in advance, NielsPost edited by: Grazy Mos, at: 2006/11/22 14:16 Link to comment Share on other sites More sharing options...
Grazy Mos Posted November 23, 2006 Author Share Posted November 23, 2006 Update After reinstalling iReports and jasperintelligence it several times it, the ireportplugin still has more rights then i should have. I also tested the ireport plugin on a "clean" pc, same problem. I supspect that my jasperIntelligence doesnt handle the roles correctly. Or that some kind of admin cookie is stored within jasperIntelligence I would really want to know if the same problems happen on other jasperIntelligence machines, If someone could test it out and give me the results, Thanks, Niels Link to comment Share on other sites More sharing options...
Grazy Mos Posted November 27, 2006 Author Share Posted November 27, 2006 I hate to bumb things but its so important to know if its only on my system or that this is a true bug Link to comment Share on other sites More sharing options...
swood Posted November 28, 2006 Share Posted November 28, 2006 I'll ask Giulio about this. ShermanJasperSoft Link to comment Share on other sites More sharing options...
Grazy Mos Posted November 28, 2006 Author Share Posted November 28, 2006 Thank you, please note thats the bug is probably not only on the plugin side, but more likely in the security settings of jasperintelligence. Even if the plugin request a create/edit/delete action to jasperintelligence he should refuse it, when logged in as a user. Link to comment Share on other sites More sharing options...
Grazy Mos Posted December 4, 2006 Author Share Posted December 4, 2006 Any news from Giulio? Link to comment Share on other sites More sharing options...
Giulio Toffoli Posted December 12, 2006 Share Posted December 12, 2006 Hi Grazy I'm writing some Unit tests to check all the permission checks in the webservices. I think the problem is related to a missing check of the permission level in the Webservice code. In other words if you can access a resource, the ws let you do what you want. Anyway, I'm not yet sure about that. I'll let you know soon. Giulio Link to comment Share on other sites More sharing options...
Grazy Mos Posted January 30, 2007 Author Share Posted January 30, 2007 I am pretty sure thats the problem Did you found the cause yet? and could we expect its fixed in the new release? Grazy, Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now