topic Re: Security issue using cifs to connect to AVM in Alfresco Archive

Security issue using cifs to connect to AVM

harshad — Wed, 28 Mar 2007 17:30:53 GMT

I was trying out certain use cases in WCM.In one of them I have a static JSP site which I imported in bulk and I can preview it. I was also trying to use cifs for modifying the html (directly in my editor of preference) and other JSP files already in the individual sandboxes for various users. Her

Re: Security issue using cifs to connect to AVM

eyestreet — Fri, 06 Apr 2007 15:52:13 GMT

Hi Harshad,

When you mount the CIFS interface, what credentials are you supplying? I haven't tried with this latest release, but I though somewhere along the way that CIFS would only show the sandboxes that particular user ID has access too. Staging will always be visible, based on the way things are now, but you should not be able to change those assets.

Well, I just tested it out here as well. There is basically no security on the CIFS interface above and beyond the credentials you supply to mount the device. Harshad, would you like to file the JIRA, or see if one has been filed already? –> Tested on enterprise edition

Brent Kastner
Eye Street

Re: Security issue using cifs to connect to AVM

harshad — Fri, 06 Apr 2007 16:06:59 GMT

Hi Brent,

I tried with many users, with admin, with ordinary users and on both windows and Linux.

Once any user logs in he is able to see the entire /avm although security exists for /Alfresco.

I haven't heard from others on this on the forum for a long time though.

-harshad.

Re: Security issue using cifs to connect to AVM

kevinr — Fri, 20 Apr 2007 09:42:16 GMT

This has been raised as an issue.