tracker issue : CF-4126630

Title:

Do not use JavaScript to protect the Admin


Status/Resolution/Reason: Closed/Withdrawn/FeatureRemoved

Reporter/Name(from Bugbase): Raymond Camden / Raymond Camden (Raymond Camden)

Created: 03/09/2016

Components: API Manager, Administrator

Versions: 2016

Failure Type: Unspecified

Found In Build/Fixed In Build: Alpha_v12 /

Priority/Frequency: Major / Unknown

Locale/System: English / Mac All

Vote Count: 0

I am shocked - honestly shocked - that I'm seeing JavaScript being used to protect the APIM admin home page. If you disable JS and hit /admin, you can clearly see the home page. You may not be able to do much (still testing), but client-side protection like this is NOT protection.
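The distinction the report is making, as an added example that is not part of the original bug or Adobe's API Manager code: a handler that ships the admin markup to everyone and relies on an inline script to redirect unauthenticated visitors, beside a handler that resolves the session on the server and never emits the markup unless the caller is an admin. The session store, cookie name (`apim_session`), session IDs and page text are all constructed for the example; the "client with JavaScript disabled" is modelled as a function that requests `/admin` and ignores any script in the response, which is exactly what a browser with JS off or a plain `curl` does.

```javascript
// Added example (not APIM's code). Shows why a JavaScript redirect on the page
// is not access control, and what server-side enforcement looks like instead.

// Constructed server-side session store: sessionId -> { user, isAdmin }.
const SESSIONS = new Map([
  ["s-admin-1", { user: "alice", isAdmin: true }],
  ["s-user-1", { user: "bob", isAdmin: false }],
]);

// Resolve the session from the Cookie header on the server side.
// Cookie name "apim_session" is an assumption for this example.
function sessionFromCookie(cookieHeader) {
  const m = /(?:^|;\s*)apim_session=([^;]+)/.exec(cookieHeader || "");
  return m ? SESSIONS.get(m[1]) || null : null;
}

const ADMIN_PAGE = "<h1>APIM Admin</h1><p>secret dashboard markup</p>";

// WEAK: authorization is delegated to a script inside the page. The server
// sends the full admin markup to anyone; a client with JavaScript disabled,
// or curl, never runs the redirect and simply reads the page.
function weakAdminHandler(req) {
  const gate = "<script>if(!window.loggedIn){location.href='/login'}</script>";
  return { status: 200, headers: { "Content-Type": "text/html" }, body: gate + ADMIN_PAGE };
}

// HARDENED: the server decides before producing any admin markup.
// No session -> redirect to login; session without the admin role -> 403.
function hardenedAdminHandler(req) {
  const session = sessionFromCookie(req.headers.cookie);
  if (!session) {
    return { status: 302, headers: { Location: "/login" }, body: "" };
  }
  if (!session.isAdmin) {
    return { status: 403, headers: { "Content-Type": "text/plain" }, body: "Forbidden" };
  }
  return { status: 200, headers: { "Content-Type": "text/html" }, body: ADMIN_PAGE };
}

// Model of the reporter's check: request /admin as a client that ignores
// JavaScript entirely. Returns true if admin markup reached that client.
function adminLeaksTo(handler, cookieHeader) {
  const res = handler({ method: "GET", url: "/admin", headers: { cookie: cookieHeader } });
  return res.status === 200 && res.body.includes("secret dashboard markup");
}

// Run the three cases that matter: anonymous against both handlers, and a
// real admin against the hardened one (which must still work).
function demo() {
  return {
    weakAnonymous: adminLeaksTo(weakAdminHandler, ""),                           // true
    hardenedAnonymous: adminLeaksTo(hardenedAdminHandler, ""),                   // false
    hardenedNonAdmin: adminLeaksTo(hardenedAdminHandler, "apim_session=s-user-1"), // false
    hardenedAdmin: adminLeaksTo(hardenedAdminHandler, "apim_session=s-admin-1"), // true
  };
}
```

The check itself costs nothing: fetch the admin URL with no cookies from a client that does not execute scripts and look at the response status and body. A 200 carrying the admin markup is a finding regardless of what the page's JavaScript would have done afterwards; only a server-side 302/401/403 with no protected content in the body counts as protection.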

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4126630

External Customer Info:
External Company: Broadchoice
External Customer Name: Raymond Camden
External Customer Email: raymondcamden@gmail.com
External Test Config:

Attachments:

Comments:

Adding BUG AUDIT TRAIL ********
action: bulk updated fieldName: Closed By newValue: rukumar oldValue: Blank oprid: rukumar recordName: RQ_DEFECT timestamp: 2015-10-15 18:23:28.0
action: bulk updated fieldName: Date Closed newValue: 2015-10-15 11:23:28.0 oldValue: Blank oprid: rukumar recordName: RQ_DEFECT timestamp: 2015-10-15 18:23:28.0
action: bulk updated fieldName: State newValue: Closed oldValue: Open oprid: rukumar recordName: RQ_DEFECT timestamp: 2015-10-15 18:23:28.0
action: bulk updated fieldName: Owner newValue: Blank oldValue: siddhart oprid: rukumar recordName: RQ_DEFECT timestamp: 2015-10-15 18:23:28.0
action: bulk updated fieldName: Reason newValue: FeatureRemoved oldValue: Blank oprid: rukumar recordName: RQ_DEFECT timestamp: 2015-10-15 18:23:28.0
action: bulk updated fieldName: Status newValue: Withdrawn oldValue: ToFix oprid: rukumar recordName: RQ_DEFECT timestamp: 2015-10-15 18:23:28.0
action: updated fieldName: Reason newValue: Blank oldValue: Blank oprid: inoel recordName: RQ_DEFECT timestamp: 2015-09-18 09:24:06.0
action: updated fieldName: Priority newValue: 3 oldValue: 0 oprid: inoel recordName: RQ_DEFECT timestamp: 2015-09-18 09:24:06.0
action: updated fieldName: Status newValue: ToFix oldValue: Unverified oprid: inoel recordName: RQ_DEFECT timestamp: 2015-09-18 09:24:06.0
action: updated fieldName: Fix By Product Milestone newValue: Beta oldValue: Blank oprid: inoel recordName: RQ_DEFECT timestamp: 2015-09-18 09:24:06.0
action: updated fieldName: Dev Assigned newValue: siddhart oldValue: awdhesh oprid: inoel recordName: RQ_DEFECT timestamp: 2015-09-18 09:24:06.0
action: updated fieldName: Owner newValue: siddhart oldValue: inoel oprid: inoel recordName: RQ_DEFECT timestamp: 2015-09-18 09:24:06.0
action: updated fieldName: Fix By Milestone newValue: Beta oldValue: Blank oprid: inoel recordName: RQ_DEFECT timestamp: 2015-09-18 09:24:06.0
Comment by CFwatson U.
3681 | March 09, 2016 04:19:52 AM GMT
Added By: PreRelease User  User Name: Raymond Camden  Note Added: Entered Bug.  Date Added: 2015-09-16 13:23:02.0
Comment by CFwatson U.
3682 | March 09, 2016 04:19:53 AM GMT