Liferay Symposium 2016 | Reserve your seat today.
(Opens New Window)
Mark as an Answer
Edit Preferences Bug
May 7, 2008 1:00 PM
Rank: Junior Member
Join Date: October 5, 2006
I have noticed that a guest user(i.e., user who is not logged in) can reach portlet edit preferences area if they can guess the URL. I dont know if this a bug or not but it's dangerous. For example check out the weather portlet or mail portlet which are built in portlets but you can reach the preferences page by guessing the URL.
The edit configuration section seems to be well protected but I am not able to use it with a hot deployed portlet. I really appreciate if somebody can tell me how to use edit configuration area for hot deployed portlets or ways of securing edit preferences section. Thanks in advance
Sign in to vote.
Please sign in to flag this as inappropriate.