Can Firebug be used to break Redmine security
Added by Charles Monteiro over 13 years ago
Hi, today one of our developers pointed out that he could enable a field that the system had disabled and enter a new value.
Of course, the individual would have to be logged into the system but I would like to understand better the implications of having a tool like Firebug widely available. For practical purposes we don't strictly run our Redmine installation on an intranet so perhaps this might be a concern.
Thanks
Replies (2)
RE: Can Firebug be used to break Redmine security - Added by Etienne Massip over 13 years ago
Could you fill in a defect for this precise security glitch, please?
RE: Can Firebug be used to break Redmine security - Added by Charles Monteiro over 13 years ago
Sure, but apparently using Firebug to enable/disable fields is a very normal and typically used feature developers use when debugging their web apps, so I would have thought that this is just part of the nature of these JS-driven apps. I'll go ahead and enter a ticket.
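
The situation raised in this thread, as an added example that is not part of the original posts and is not Redmine's code: a field shown as disabled in the browser is only a UI hint, so the server has to decide per role which submitted fields it will apply. The role names, field names, `WRITABLE_FIELDS` and `apply_update` are hypothetical, and the sample data is constructed.

```ruby
# Added example (not Redmine code): server-side enforcement of which fields a
# role may change. The HTML "disabled" attribute is never trusted.
require 'set'

# Hypothetical per-role write lists (assumption for this example).
WRITABLE_FIELDS = {
  reporter: Set['subject', 'description'],
  manager:  Set['subject', 'description', 'status', 'assigned_to', 'due_date']
}.freeze

Result = Struct.new(:record, :rejected)

# Apply only the submitted fields the role may write. Fields that were
# rendered disabled but still arrive in the request are dropped and returned
# in `rejected` so the caller can log them.
def apply_update(record, submitted, role)
  allowed = WRITABLE_FIELDS.fetch(role) { Set.new } # unknown role: nothing writable
  accepted, rejected = submitted.partition { |field, _| allowed.include?(field.to_s) }
  updated = record.merge(accepted.to_h { |k, v| [k.to_s, v] })
  Result.new(updated, rejected.map { |field, _| field.to_s }.sort)
end

# Constructed sample record.
ISSUE = { 'subject' => 'Login fails', 'status' => 'New', 'assigned_to' => nil }.freeze

# Constructed request: the reporter's form shows "status" as disabled, but the
# value still reaches the server once the field is re-enabled in the browser.
TAMPERED = { 'subject' => 'Login fails on SSO', 'status' => 'Closed' }.freeze

def demo
  r = apply_update(ISSUE, TAMPERED, :reporter)
  warn "rejected fields for reporter: #{r.rejected.join(', ')}" unless r.rejected.empty?
  r
end

demo if __FILE__ == $PROGRAM_NAME
```

The same request from a role that is allowed to write `status` is applied in full, so the decision depends on the server-side list and not on how the form was rendered.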