Feature #6605
Integrate the security policy into resource management
Status:
Resolved
Priority:
Should have
Assignee:
Category:
Security
Target version:
Start date:
Due date:
% Done:
100%
Estimated time:
30.00 h
PHP Version:
Has patch:
Complexity:
Description
Resources are basically objects that can be secured by model security (see #6604). We'll have to find a solution how secured files have to be handled by the resource manager.
One possiblity would be:
We have a special virtual folder named after the secure session key that holds symlinks to all resources the current user is allowed to access. We could also add a dynamic rewrite rule that restricts access to this folder to the IP of this user. The folder would have to "expire" with the user session.
Related issues
Updated by Robert Lemke almost 11 years ago
- Status changed from New to Accepted
- Start date deleted (
2010-02-25) - Estimated time set to 30.00 h
Updated by Karsten Dambekalns about 10 years ago
- Target version changed from 1.0 alpha 13 to 1.0 alpha 14
Updated by Andreas Förthner about 10 years ago
- Status changed from Accepted to Resolved
- % Done changed from 0 to 100
Applied in changeset 670aa59cae5dbbcb9b265ea24d8c29a6357e9eb0.