4 Feb
2003
4 Feb
'03
1:19 p.m.
If "Manage properties" permission is allowed for Anonymous, is it a security breach? In other words, is it possible to put manage_changeProperties in a URL? I tried http://www.somewhere.com/somedocument/manage_changeProperties?title=xxx, it run successfully but title remained intact... I need to increment a document property "number of readers". Is it safer to disable "Manage properties" for Anonymous and to assign Proxy role "Manager" to the method that calls manage_changeProperties and increments number of readers? -- Milos Prudek