REST services disclosing sensitive information

by  Abhishek »  2014/03/25 05:53

How can I restrict access to the default REST services? Users are getting responses from the database, and this discloses confidential information to them.

Please go through the following snapshot; it explains the issue.

Abhishek

Re: REST services disclosing sensitive information

by  shyrkov »  2014/03/25 09:17

Hello,

 

the /find controller mapping is defined in a Spring file (WEB-INF/lib/jahia-impl-*.jar/org/jahia/defaults/config/spring/servlet-applicationcontext-renderer.xml), bean name "rendererMapping".

You can copy that XML file to WEB-INF/etc/spring, keep the "rendererMapping" bean definition, and adjust the mapping for the /find controller by adding "requiredPermission", say:

                <entry key="/find/**">
                    <bean class="org.jahia.bin.Find">
                        <property name="urlResolverFactory" ref="urlResolverFactory" />
                        <property name="requiredPermission" value="administrationAccess"/>
                    </bean>
                </entry>
 

Or you can remove the mapping entry completely to disable the Find controller.

 

Kind regards

Sergiy

Sergiy Shyrkov (shyrkov)
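
Added example (not part of the post above and not Jahia code): a Python check that reads the override copy of the Spring file and reports whether the "/find/**" entry of "rendererMapping" has been removed, restricted with "requiredPermission", or left open. The function names, the sample XML and its enclosing SimpleUrlHandlerMapping/urlMap layout are assumptions constructed for illustration; only the /find entry itself comes from the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an override file placed in WEB-INF/etc/spring.
# Only the /find entry is from the thread; the enclosing layout is assumed.
SAMPLE_OVERRIDE = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean name="rendererMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
    <property name="urlMap">
      <map>
        <entry key="/find/**">
          <bean class="org.jahia.bin.Find">
            <property name="urlResolverFactory" ref="urlResolverFactory"/>
            <property name="requiredPermission" value="administrationAccess"/>
          </bean>
        </entry>
      </map>
    </property>
  </bean>
</beans>"""


def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_find_mapping(xml_text, key="/find/**"):
    """Return ('disabled' | 'restricted' | 'open', permission or None)."""
    root = ET.fromstring(xml_text)
    for bean in root.iter():
        if local(bean.tag) != "bean":
            continue
        if "rendererMapping" not in (bean.get("name"), bean.get("id")):
            continue
        for entry in bean.iter():
            if local(entry.tag) != "entry" or entry.get("key") != key:
                continue
            for prop in entry.iter():
                if local(prop.tag) == "property" and prop.get("name") == "requiredPermission":
                    perm = (prop.get("value") or "").strip()
                    if perm:
                        return "restricted", perm
            return "open", None  # entry present, no permission set
        return "disabled", None  # mapping bean present, /find entry removed
    raise ValueError("no 'rendererMapping' bean found in this file")


if __name__ == "__main__":
    print(audit_find_mapping(SAMPLE_OVERRIDE))
```

An "open" result means the entry is still mapped without a permission; the check reads the file only and does not confirm what the running server has loaded.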


Re: Re: REST services disclosing sensitive information

by  ldumont »  2014/03/26 15:06

Hello,

It seems you can retrieve the hashed password of the users (like root) quite easily...

I think it's a big security issue, isn't it?

Loïc


    Unable to open Link.

    by  Abhishek »  2014/04/01 11:44

    Hi,

    I am unable to find hotfix 7 at the link (https://www.jahia.com/fr/home/support/customers-extranet/enterprise-jahia-downloads/jahia-xcm---version-66.html) that you have provided for the customers. The page is not found. So please provide a solution for hotfix 7.

    Thanks

     

    Abhishek

    Re: REST services disclosing sensitive information

    by  shyrkov »  2014/04/01 12:31

    Hello,

    you can find it in the section "Customer extranet" on jahia.com site: https://www.jahia.com/customer-extranet/jahia-xcm-version-6-6

     

    Kind regards

    Sergiy

     

    Sergiy Shyrkov (shyrkov)


    Re: Re: REST services disclosing sensitive information

    by  Abhishek »  2014/04/02 10:37

    I am unable to open the link that you have provided. After login, the page does not open. Please provide a solution for the same.

     

    Abhishek

    Re: Re: Re: REST services disclosing sensitive information

    by  shyrkov »  2014/04/02 12:07

    Hello,

    do you have a valid account for the Customer Extranet section of jahia.com site?

     

    Kind regards

    Sergiy

    Sergiy Shyrkov (shyrkov)


    Re: Re: Re: Re: REST services disclosing sensitive information

    by  Abhishek »  2014/04/03 04:03

    NO

    Abhishek