Defect #1147

The validation link in mail is not secured

Added by Blatti Yves almost 4 years ago. Updated over 3 years ago.

Status:ClosedStart date:09/24/2015
Priority:NormalDue date:
Assignee:Battaglia Marc% Done:

100%

Category:SHOP
Target version:4.4.0
Affected version:4.3.0

Description

The validation link in mail is not secured:
The link allow a non authenticated user having the link to validate or reject an order (this is the goal).
But the link is built with the id of the order (known by everyone: clien, third party and provider) and the id of the validator,
if a user knows the id of one of the validators, he can validates his own order.


Related issues

Related to easySDI - Enhancement #1148: SHOP enhance mail notifications Closed 09/24/2015

History

#1 Updated by Blatti Yves over 3 years ago

#2 Updated by Blatti Yves over 3 years ago

  • Status changed from Affected to Resolved
  • % Done changed from 0 to 100

rev 9383

#3 Updated by Blatti Yves over 3 years ago

  • Target version set to 4.4.0

#4 Updated by Blatti Yves over 3 years ago

  • Status changed from Resolved to To merge

#5 Updated by Blatti Yves over 3 years ago

  • Assignee changed from Blatti Yves to Battaglia Marc

#6 Updated by Battaglia Marc over 3 years ago

  • Status changed from To merge to Closed

Also available in: Atom PDF