163834 – Java Security for System Profiles

Bug 163834 - Java Security for System Profiles

Summary: Java Security for System Profiles

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Network
Classification:	Retired
Component:	RHN/R&D
Sub Component:
Version:	RHN Devel
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Ken Ganong
QA Contact:	Mike McCune
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	147875
TreeView+	depends on / blocked

Reported:	2005-07-21 14:35 UTC by Ken Ganong
Modified:	2007-04-18 17:29 UTC (History)
CC List:	1 user (show)
Fixed In Version:	RHN 4.0.0
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-09-01 02:35:24 UTC
Embargoed:

Attachments	(Terms of Use)

Description Ken Ganong 2005-07-21 14:35:58 UTC

Currently, the java code does not test whether a system profile is actually
viewable by the logged in user.  Go to Systems->click a
system->Packages->Profiles ->Compare to Profile.  Here, you can change the prid
in the url and access another person's profile (or at least produce a 500 error).

Comment 1 Mike McCune 2005-07-22 21:19:48 UTC

Moving to rhn400-must instead of toplevel.  Ken, this will need a test plan.

Comment 2 Ken Ganong 2005-07-25 14:46:16 UTC

Test Plan

Find an id for a system profile of a different org.  Note: System Profiles are
restricted by org, not by user because of limitations of our current data model.

Login->Go to Systems->Click a system->Packages->Profiles->Compare to Profile->
modify the url so that the prid parameter equals the system profile you found in
the first step.

Expected Results: Lookup Error Page
Failure Results: A diff between the system and profile or 500 error.

Comment 3 Mike McCune 2005-07-29 23:36:30 UTC

will qa this

Comment 4 Mike McCune 2005-07-29 23:40:50 UTC

works fine. prod_ready.

Note You need to log in before you can comment on or make changes to this bug.