[Vtigercrm-developers] Security - users should not be able to point to main directory to load files (ticket 2928)

[Erik Bent]

In ticket 2928 there are some concerns about the soap calling without 
authorization. In the config.inc.php there is already a Unique 
Application Key generated:
$application_unique_key = '1234567890abcdef1234567890abcdef';

That key can be used to validate a soap request if the soap functions 
are modifed to include that key.

Regards,
Erik