Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6595

Configdump export should require authentication token

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.12.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently, the performExport method in ConfigDumpSession does not take an authentication token.

      It should take an authentication token (which might also be required to export some of the objects). It should also check that the administrator is authorized to perform an export.

      Sub-tasks

      • Decide which access rule to check (Statedump checks root access for import). Export might not seem as sensitive at first, but note that ConfigDumpSession writes to the file system, so it could place files in the wrong directories.
      • Add parameter to performExport in ConfigDumpSession
      • Add access check to performExport

        Attachments

          Activity

            People

            • Assignee:
              amin Amin Khorsandi
              Reporter:
              samuel Samuel Lidén Borell
              Verified by:
              Henrik Sunmark
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 hour
                1h