no field security with csv export

Reported by invitu on 2011-09-20
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
OpenERP GTK Client
Wishlist
OpenERP's Framework R&D

Bug Description

Field security is not managed in csv exporting.

If a user has not the right to access to a field in an object (for example standard price in products), he can export the data with gtk client.

This is a security hole

Hi Cyril,

As discussed, this is rather an improvement request than a security bug, as OpenERP does not have per-field access rights at the moment. Also, the bug does not have to be private, so let's make it public.

Thanks for your understanding!

Changed in openobject-client:
assignee: nobody → OpenERP's Framework R&D (openerp-dev-framework)
importance: Undecided → Wishlist
status: New → Confirmed
security vulnerability: yes → no
visibility: private → public
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers