web_techsystech

Techsystech

History

Guewen Baconnier d21c87f525 Prevent to send web notifications to other users Only the admin user (sudo) is allowed to send notifications to other users. The normal users can only send notifications to themselves. This is to prevent attackers to craft malicious notifications and send them to other users using RPC. Correction based on the idea of @hbrunn	2023-01-05 16:40:06 +01:00
..
__init__.py	New module web_notify	2023-01-05 16:40:06 +01:00
test_res_users.py	Prevent to send web notifications to other users	2023-01-05 16:40:06 +01:00

Guewen Baconnier d21c87f525 Prevent to send web notifications to other users

Only the admin user (sudo) is allowed to send notifications to other
users. The normal users can only send notifications to themselves.

This is to prevent attackers to craft malicious notifications and send
them to other users using RPC.

Correction based on the idea of @hbrunn

2023-01-05 16:40:06 +01:00

__init__.py

New module web_notify

2023-01-05 16:40:06 +01:00

test_res_users.py

Prevent to send web notifications to other users

2023-01-05 16:40:06 +01:00