[JS-1154] JobScheduler should execute only show_... commands via HTTP GET - SOS JIRA

XML

Word

Printable

Details

Type: Feature
Status: Released (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.6.4246, 1.7
Component/s: Job Scheduler Binaries
Labels:
None

Description

Currently JobScheduler is able to execute xml commands via HTTP GET. Due to security reasons it should not be able to excute commands like <start_job .../>, <add_order .../>, <terminate .../> etc.

Only <show_.../> commands should be possible anymore.

If one of the blocked commands should be executed the HTTP response is

403 Forbidden

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

jira-csrf-popup.png
21 kB
02 June 2014 09:44

Activity

People

Assignee:: Oliver Haufe

Reporter:: Stefan Schädlich (Inactive)

Approver:: Stefan Schädlich (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 27 May 2014 08:54

Updated:: 18 October 2016 14:52

Resolved:: 03 June 2014 08:54