diff options
author | Derrell Lipman <derrell@samba.org> | 2007-01-05 19:29:45 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:36:56 -0500 |
commit | 102e4840b3bc11cc84a0ecb784190e7501277ac4 (patch) | |
tree | 7070fddf213250f48f4ad0b905deb099f5e4c3f5 /services/json_auth.esp | |
parent | 8f0a0ebcb380acf57d418a6598c75e42b0bf24dc (diff) | |
download | samba-102e4840b3bc11cc84a0ecb784190e7501277ac4.tar.gz samba-102e4840b3bc11cc84a0ecb784190e7501277ac4.tar.bz2 samba-102e4840b3bc11cc84a0ecb784190e7501277ac4.zip |
r20559: Web Application Framework
- Disallow, for now, any ScriptTransport access. A serious security issue has
been described, and since we don't currently need it for anything, disable
it completely.
- Continued clean-up towards implementing the common authentication code
(This used to be commit 07817a5489dd8cc6c85c10116f4dba43d798ef03)
Diffstat (limited to 'services/json_auth.esp')
-rw-r--r-- | services/json_auth.esp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/services/json_auth.esp b/services/json_auth.esp index 2d58b6e2af..0fdd98037d 100644 --- a/services/json_auth.esp +++ b/services/json_auth.esp @@ -1,7 +1,13 @@ <% /* Return true to allow access; false otherwise */ -function json_authenticate(serviceComponents, method) +function json_authenticate(serviceComponents, method, scriptTransportId) { + // Don't allow any access via ScriptTransport, for now. + if (scriptTransportId != jsonrpc.Constant.ScriptTransport.NotInUse) + { + return false; + } + return true; } |