Details

    • Type: Technical Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 6.1.0 CE RC1
    • Fix Version/s: --Sprint 12/11, 6.1.0 CE RC1
    • Component/s: DM
    • Labels:
    • Environment:
      Tomcat 7.0.21 + MySQL 5.0. 6.1.x Revision 89665.

      Description

      Maybe it's not an important issue, but it can be dangerous when used inappropriately.

      WebServerServlet displays all files, including those that aren't linked from the web. If a user doesn't have the document library portlet on the pages and doesn't directly refer to the documents, he might get a wrong feeling of safety (for example, documents from a public folder which is not accessible through any link); in other words: security by obscurity.

      I'm not sure if all files should be accessible from http://www.liferay.com/documents/guest/, for example http://www.liferay.com/documents/guest/Training%20Documents/Course%20Guides/ ?

      The user should be aware of this functionality or it should be disabled by default.

            People

            • Votes: 0
            • Watchers: 4