Browse Source

ISLANDORA-780

Documenting potential security issue.
pull/207/head
willtp87 12 years ago
parent
commit
d98514febc
  1. 7
      README

7
README

@ -7,3 +7,10 @@ https://wiki.duraspace.org/display/ISLANDORA/Islandora
All bugs, feature requests and improvement suggestions are tracked at the DuraSpace JIRA:
https://jira.duraspace.org/browse/ISLANDORA
Fedora/Drupal Security
======================
The islandora_drupal_filter passes the username of 'anonymous' through to Fedora for unauthenticated
Drupal Users. A user with the name of 'anonymous' may have XACML policies applied to them that are
meant to be applied to Drupal users that are not logged in or vice-versa. This is a potential security
issue that can be plugged by creating a user named 'anonymous' and restricting access to the account.

Loading…
Cancel
Save