-
1. Re: Site Using JBossPortal 2.0 - www.javaclimber.com
thanks for the warm feedback
can you add it in the wiki ?
http://wiki.jboss.org/wiki/Wiki.jsp?page=JBossPortal -
2. Re: Site Using JBossPortal 2.0 - www.javaclimber.com
I have added my site it to the wiki.
Two thumbs up for a job well done!
Kevin Nilson
www.javaclimber.com -
3. Re: Site Using JBossPortal 2.0 - www.javaclimber.com
Dear Kevin,
your site is very nice but I think there is a little bug.
If I click on www.javaclimber.com I am redirected to www.javaclimber.com/portal/javaclimberportlets but
if I insert the address www.javaclimber.com/portal I have
the main page of JBoss Portal without protection!!!
Bye,
Giordano -
4. Re: Site Using JBossPortal 2.0 - www.javaclimber.com
You used three explanation marks in your post meaning you think the information you have is very critical.
You should never post potential critical flaws in a public forum, you do not know who will attempt to exploit the flaw before it has been fixed.
Instead you should try and contact the owner of the site / code directly so they can fix it before it becomes public knowledge. The web site does have a link that can be used to e-mail the author. -
5. Re: Site Using JBossPortal 2.0 - www.javaclimber.com
Giordano,
Thanks for pointing this out. I was hoping to leave this in place so people could browse around and look at a running demo. I guess you are right. There are a lot of knuckheads out there, so I now have /portal redirecting and am using a custom security-domain.
I didn't consider this a flaw at all. It is a managed risk. I monitor my access logs fairly closely. I was just trying to help people out, but since it was pointed out in a public forum I have removed that feature.
Thanks
Kevin Nilson
www.javaclimber.com