Feature #8463

Check security policy for objects reconstituted in the session scope

Added by Andreas Förthner almost 11 years ago. Updated over 10 years ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Security
Target version:
-
Start date:
2010-06-23
Due date:
% Done:

0%

Estimated time:
PHP Version:
Has patch:
Complexity:

Description

Currently persited objects that are reconstituted in the session scope are not checked against the security policy. This might be a problem, if a persisted object has changed from one request to the other and the user is no longer allowed to access this object becaouse of the change.


Related issues

Related to TYPO3.Flow - Major Feature #5659: Implement content securityResolvedAndreas Förthner2009-12-07

Actions
#1

Updated by Andreas Förthner almost 11 years ago

Maybe we can use lazy loading proxies in the initial reconstitution process. The this problem should be solved.

Also available in: Atom PDF