[Vtigercrm-developers] Security
Pabiszczak, Błażej
b.pabiszczak at opensaas.pl
Tue Sep 30 11:14:07 GMT 2014
Who is this question to? To me or to Vtiger?
Z poważaniem / Regards
Błażej Pabiszczak
M: +48.884999123
E: b.pabiszczak at opensaas.pl
2014-09-30 9:54 GMT+02:00 Alan Bell <alan.bell at libertus.co.uk>:
> On 30/09/14 08:45, Pabiszczak, Błażej wrote:
>
>
> You can change any records from pricebook module
>
>
> Please edit pricebook record change manually recordid to other (e.g.
> some account) and save.
>
> I have noticed this one before, or similar, if you are in any entity and
> you change the record in the URL it will load the page but with no relevant
> data on it. In 5.4 series it would say " Record you are trying to access
> is not found. Go Back." I figured it was just loading the wrong entity
> through the form, does it actually get around the security and allow you to
> update an entity that you wouldn't otherwise be able to see/update?
>
> Alan.
>
>
> --
> Libertus Solutionshttp://libertus.co.uk
>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140930/aa731253/attachment.html>
More information about the vtigercrm-developers
mailing list