Security issue - Increasing Service Center permissions with Firebug

Security issue - Increasing Service Center permissions with Firebug

  
Hi Guys,

I ran into a little security issue within Service Center enabling me to use 'disabled' switches.

When I use firebug to 'enable' a switch that is set to 'disabled' there is no server-side check that verifies the authority of this update action.
I can imagine this is also something that can occur within the design environment.
I'd think the platform should check these permissions server-side to prevent scriptkiddies from easily hacking the created applications (not per sé the Service Center).
Modification Example
Hi Eric,

Thank you for alerting for this problem.

Could you  please indicate in which Agile Platform version and revision you caught this problem?


Regards,
João Portela
Hi João,

We are running version 6.0.1.9 of the platform.

Regards,

Eric
Thanks Eric,

We'll give a look.


Regards,
João Portela