webERP Forum webERP Discussion Problems / Bugs? v
*** Serious vulnerability

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
*** Serious vulnerability
02-19-2014, 10:24 PM,
#10
icedlava Offline
Senior Member
****
 		Posts: 80
Threads: 9
Joined: Sep 2012
RE: Potential vulnerability
I have commented out the $AllowAnyone= true;

This fixes the immediate security issue - it allows anyone to use if required by temporarily uncommenting that line; and fixes security for those that have the fix ...

I am interested to look at the code surrounding this further in relation to login and connectdb. Further I will look at a solution for logged in users for the function in question.

Phil, there could be a solution if you need to access it from your macro but I'm not familiar with libre office macros.

Cheers,
Find
Reply


Messages In This Thread
*** Serious vulnerability - by Forums - 02-15-2014, 10:46 PM
RE: Potential vulnerability - by agaluski - 02-18-2014, 12:00 AM
RE: Potential vulnerability - by Forums - 02-18-2014, 12:33 AM
RE: Potential vulnerability - by icedlava - 02-19-2014, 06:00 PM
RE: Potential vulnerability - by phil - 02-19-2014, 06:24 PM
RE: Potential vulnerability - by icedlava - 02-19-2014, 06:30 PM
RE: Potential vulnerability - by Forums - 02-19-2014, 07:28 PM
RE: Potential vulnerability - by icedlava - 02-19-2014, 08:55 PM
RE: Potential vulnerability - by Forums - 02-19-2014, 09:12 PM
RE: Potential vulnerability - by icedlava - 02-19-2014, 10:24 PM
RE: *** Serious vulnerability - by Forums - 02-19-2014, 10:30 PM
RE: *** Serious vulnerability - by icedlava - 02-19-2014, 10:38 PM
RE: *** Serious vulnerability - by Forums - 02-19-2014, 11:22 PM
RE: *** Serious vulnerability - by jo lwebuga - 02-20-2014, 02:35 AM
RE: *** Serious vulnerability - by phil - 02-20-2014, 01:00 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)