[Vtigercrm-developers] Security

Prasad prasad at vtiger.com
Tue Sep 30 12:24:36 GMT 2014 

Sorry for my over-sight. Our team is reviewing the same.

*Connect with us on: *Twitter <http://twitter.com/vtigercrm> *I* Facebook
<http://www.facebook.com/pages/vtiger/226866697333578?sk=wall> *I* Blog
<https://blogs.vtiger.com/>* I* Wiki
<http://wiki.vtiger.com/index.php/Main_Page> *I *Forums
<https://discussions.vtiger.com>*I* Website <https://www.vtiger.com/>

On Tue, Sep 30, 2014 at 5:05 PM, Pabiszczak, Błażej <
b.pabiszczak at opensaas.pl> wrote:

> How is this related to the reported error? If the modification was made in
> different modules.
>
>
> Z poważaniem / Regards
> Błażej Pabiszczak
> M: +48.884999123
> E: b.pabiszczak at opensaas.pl
>
> 2014-09-30 13:25 GMT+02:00 Prasad <prasad at vtiger.com>:
>
>> Pricebook does not have assigned owner so it is kindly of public record.
>> For those module having assigned owner - Role based sharing access
>> applies for reading / writing.
>>
>> *Connect with us on: *Twitter <http://twitter.com/vtigercrm> *I* Facebook
>> <http://www.facebook.com/pages/vtiger/226866697333578?sk=wall> *I* Blog
>> <https://blogs.vtiger.com/>* I* Wiki
>> <http://wiki.vtiger.com/index.php/Main_Page> *I *Forums
>> <https://discussions.vtiger.com>*I* Website <https://www.vtiger.com/>
>>
>> On Tue, Sep 30, 2014 at 4:44 PM, Pabiszczak, Błażej <
>> b.pabiszczak at opensaas.pl> wrote:
>>
>>> Who is this question to? To me or to Vtiger?
>>>
>>>
>>> Z poważaniem / Regards
>>> Błażej Pabiszczak
>>> M: +48.884999123
>>> E: b.pabiszczak at opensaas.pl
>>>
>>> 2014-09-30 9:54 GMT+02:00 Alan Bell <alan.bell at libertus.co.uk>:
>>>
>>>>  On 30/09/14 08:45, Pabiszczak, Błażej wrote:
>>>>
>>>>
>>>>  You can change any records from pricebook module
>>>>
>>>>
>>>>  Please edit pricebook record change manually recordid to other (e.g.
>>>> some account) and save.
>>>>
>>>>  I have noticed this one before, or similar, if you are in any entity
>>>> and you change the record in the URL it will load the page but with no
>>>> relevant data on it. In 5.4 series it would say " Record you are
>>>> trying to access is not found. Go Back." I figured it was just loading
>>>> the wrong entity through the form, does it actually get around the security
>>>> and allow you to update an entity that you wouldn't otherwise be able to
>>>> see/update?
>>>>
>>>> Alan.
>>>>
>>>>
>>>> --
>>>> Libertus Solutionshttp://libertus.co.uk
>>>>
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>>
>>>
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>>
>>
>>
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20140930/447946d9/attachment.html>

More information about the vtigercrm-developers mailing list