View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009554 | mantisbt | security | public | 2008-08-20 05:09 | 2009-06-26 12:02 |
Reporter | augur | Assigned To | jreese | ||
Priority | normal | Severity | major | Reproducibility | sometimes |
Status | closed | Resolution | duplicate | ||
Platform | IIS 6.0 PHP 5 | OS | Windows XP SP2 | OS Version | 1.1.1 |
Product Version | 1.1.1 | ||||
Summary | 0009554: Within a proxy enviroment users get the screens of other users | ||||
Description | A customer of us uses a proxy and sometime the user get a screen (like the error reporting view) as another user. He could enter an error for a project he has not rights to do so (project ist private). This is strange...although when he gets the page, he should get an error from mantis, because of less access rights. But this is not catched by mantis. | ||||
Tags | No tags attached. | ||||
This should be fixed in 1.1.3 once it is released. In the meantime, you can try setting up your proxy to not cache any pages from Mantis, which should solve the problem in the meantime. |
|
This is sadly not easy possible for me, because it is a customer proxy. Could you tell me the important change, so I can add it to our 1.1.1 version of mantis by hand. Thanks a lot. |
|
http://mantisbt.svn.sourceforge.net/viewvc/mantisbt?view=rev&revision=5457 |
|
Hi. Thanks a lot, I fix it and wait now for the official release. Could I close the issue somewhere??? |
|
Marking as a duplicate of 0009323. |
|