[Davical-general] Security problem in 1.1.1?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Davical-general] Security problem in 1.1.1?

Nicolas Quiniou-Briand
Hi all,

I notice same behavior as this post [1] in Davical 1.1.1 with Roundcube
calendar_plus plugin. I report this bug on MyRoundcube plugins forum [2].

When I enable DAViCal debug (see
usera-with-read-free-busy-privilege.log), I get an ICS file which isn't
obfuscate (see line 276 in usera-with-read-free-busy-privilege.log).

If I revoke CALDAV:read-free-busy privilege on user A's collection, I
see no events (see usera-without-read-free-busy-privilege.log).

Is it a bug or a bad config ?
--
Nicolas Quiniou-Briand

[1] http://sourceforge.net/p/davical/mailman/message/25273921/
[2]
http://myroundcube-plugins.40634.n3.nabble.com/Free-busy-privileges-grants-reads-privileges-tp4026288.html


------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general

usera-debug.zip (5K) Download Attachment