-
Type:
Improvement
-
Resolution: Unresolved
-
Priority:
Trivial
-
Affects Version/s: None
-
Component/s: Registry
-
None
Accessing a url with an invalid CO like
/registry/co_extended_attributes/edit/2/co:145
leaks information since the authn check is performed after the COID is validated. While authz can't take place until coid is validated, at least authn could. Though there may not be an elegant way to do this in Cake
- is related to
-
-
- In Progress
-