[Vtigercrm-developers] SOAP services
joaopcoliveira at gmail.com
Tue Mar 21 06:43:25 PST 2006
I've been looking at vtiger SOAP (version 4.2.x and 5 alpha), and I've
realized that there is an authentication mechanism for them, but it only
returns true or false...

You guys have been making a great effort to improve security, but I think
all of that security can be bypassed by accessing the SOAP services.
Am I wrong?

method DeleteTasks($username,$crmid) in vtigerolservice.php

If I'm a stranger, I can still do something like DeleteTasks('admin', 1);
without any kind of authentication...

IMHO, some kind of token authentication should be used, with the token saved
in the $_SERVER variable, or the user should be authenticated with
username/password each time a method is called.
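
The token approach suggested in the message above, sketched as an added example that is not part of the original post and is not vtiger's code. The `login()` and `requireUser()` helpers, the changed `DeleteTasks($token, $crmid)` signature and the in-memory arrays (standing in for the user table, the task records and a server-side token store) are all assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical names, not vtiger's API.
// Constructed sample data standing in for real server-side storage.
$USERS  = ['admin' => password_hash('s3cret-example', PASSWORD_DEFAULT)];
$TASKS  = [1 => ['owner' => 'admin', 'subject' => 'Call customer']];
$TOKENS = [];   // sha256(token) => ['user' => ..., 'expires' => ...]

// Authenticate once and hand back an opaque token instead of true/false.
function login(string $username, string $password): string {
    global $USERS, $TOKENS;
    $hash = $USERS[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        throw new RuntimeException('Authentication failed');
    }
    $token = bin2hex(random_bytes(32));          // 256-bit random token
    // Only a hash of the token is stored, with a 15-minute lifetime.
    $TOKENS[hash('sha256', $token)] = ['user' => $username, 'expires' => time() + 900];
    return $token;
}

// Resolve a token to its user; every service method calls this first.
function requireUser(string $token): string {
    global $TOKENS;
    $key   = hash('sha256', $token);
    $entry = $TOKENS[$key] ?? null;
    if ($entry === null || $entry['expires'] < time()) {
        unset($TOKENS[$key]);                    // drop expired entries
        throw new RuntimeException('Invalid or expired token');
    }
    return $entry['user'];
}

// The caller no longer supplies $username: identity comes from the token,
// and the record must belong to that user before it is deleted.
function DeleteTasks(string $token, int $crmid): bool {
    global $TASKS;
    $user = requireUser($token);
    if (!isset($TASKS[$crmid]) || $TASKS[$crmid]['owner'] !== $user) {
        throw new RuntimeException('Not permitted');
    }
    unset($TASKS[$crmid]);
    return true;
}

// An unauthenticated caller is rejected; a logged-in owner succeeds.
try { DeleteTasks('no-such-token', 1); }
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
var_dump(DeleteTasks(login('admin', 's3cret-example'), 1));
```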