Browse Source

Merge pull request #207 from willtp87/ISLANDORA-780-DOCUMENT

ISLANDORA-780
pull/206/merge
Jonathan Green 12 years ago
parent
commit
fd1e4fdaf3
  1. 7
      README

7
README

@ -7,3 +7,10 @@ https://wiki.duraspace.org/display/ISLANDORA/Islandora
All bugs, feature requests and improvement suggestions are tracked at the DuraSpace JIRA: All bugs, feature requests and improvement suggestions are tracked at the DuraSpace JIRA:
https://jira.duraspace.org/browse/ISLANDORA https://jira.duraspace.org/browse/ISLANDORA
Fedora/Drupal Security
======================
The islandora_drupal_filter passes the username of 'anonymous' through to Fedora for unauthenticated
Drupal Users. A user with the name of 'anonymous' may have XACML policies applied to them that are
meant to be applied to Drupal users that are not logged in or vice-versa. This is a potential security
issue that can be plugged by creating a user named 'anonymous' and restricting access to the account.

Loading…
Cancel
Save