User "Anonymous" can take (and keep) room keys

Status: Beta

Brought to you by: groovyturtle, schuemm

#26 User "Anonymous" can take (and keep) room keys

Status: open

Owner: nobody

Labels: None

Priority: 9

Updated: 2008-04-15

Created: 2008-04-15

Creator: Uwe Sinha

Private: No

An anonymous user can take keys "hung" to a room. If that key has sufficient privilege, any person in the world can deposit files in a CURE room and make them accessible to anyone else in the world. This way, a CURE installation can easily be abused as a host for illegal or otherwise dubious material.

Suggested short-term solution: explicitly forbid Anonymous to take or receive any key.

Suggested very short-term solution: forbid anonymous browsing in general.

Long-term solution: rethink the role of the Anonymous user.

Discussion

Uwe Sinha - 2008-04-15

priority: 5 --> 9
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

User "Anonymous" can take (and keep) room keys

Group

Searches

Help

#26 User "Anonymous" can take (and keep) room keys

Discussion