security
Hi everybody recently we have found that when creating a user, Nuxeo allows you to set some fields like firstName or lastName with HTML code. See examples below: curl -X POST -H "Content-Type: application/json" -u Administrator:Administrator -d '{ ...
 |
Paco Alías
Member (699) 1 3 4 |
01/18/2016 |
Answer: Hi, The problem with the results in the top-right search box for a compromised user name (or document title in some situations) is fixed for the next releases and hotfixes (6.0-HF26, 7.10-HF04, 8.1). Our internal reference for this is NXP-18833 (the ...
2 votes
2 answers
7 comments
3701 views
I have found a serious security vulnerability in Nuxeo. How do I report it privately?
 |
mibe
Member (10) 1 1 0 |
02/25/2015 |
0 votes
1 answers
0 comments
1814 views
Is there a way to manage access rights on files and not only on a folders . I have implemented an Operation allowing me to grant or deny permissions, but it only works if the document is a folder or a workspace. If the path of the document points ...
0 votes
2 answers
0 comments
1810 views
Bonjour Je viens d'installer la dernière version de Nuxeo DM 5.4.2, tout c'est bien passé pendant l’installation (enfin je crois, je suis vraiment une débutante qui n'y connaît pas grand chose !). Mais quand je veux me connecter avec ...
0 votes
1 answers
1 comments
5243 views
We have a messy AD where not all email addresses are in lower case. Some are capitalized and some are not. Because of this, a user may login with USer@acme.com or user@acme.com . I see in the ACLS table that the permissions are stored both ways, ...
 |
fast_narcis
Member (179) 1 2 3 |
11/01/2011 |
Answer: Since Nuxeo 5.4.2, you can force the id case of the directory entries to “lower” or “upper” in the LDAPDirectory configuration with: <idCase>lower</idCase> for instance. The default value for that parameter is “unchanged”. That should ...
0 votes
1 answers
9 comments
2569 views
I was wondering if PHP Automation Client allows ACL requests or not? I need to know all the users with Write Permission on a document and I used following code but no joy! <?php $x=""; $id = "8f488a16-7683-465e-9cce-03016f818622"; //ID of the ...
0 votes
2 answers
1 comments
2434 views
I cannot see the browse permission in my nuxeo DM, is it a feature of another version? or do i have to create that permission, and if that is the case, how can i create that permission and where? i want to grant a browse permission to a specific ...
 |
lethal2k22
Member (12) 1 1 1 |
09/23/2011 |
Answer: The BROWSE permission is a default permission in Nuxeo DM defined in this contribution: http://explorer.nuxeo.org/nuxeo/site/distribution/Nuxeo%20DM-5.4.2/viewComponent/org.nuxeo.ecm.core.security.SecurityService You can also have a look at this ...
1 votes
3 answers
0 comments
3045 views
If the Administrator can “manage everything”, why are MS Word or MS PowerPoint documents always opened in “read-only” mode. How do we change this?
 |
CharlesDarwin
Member (80) 1 2 1 |
09/14/2011 |
Answer: The access rights be they read, write etc., refer not to the actual content of a document [MS Word, MS PowerPoint] etc., but to information about the document such as nature, expiry or comments. To change the actual content of a document itself ...
0 votes
1 answers
0 comments
1569 views
Can the user request a password reset automatically?
0 votes
1 answers
0 comments
1855 views
Is there an encryption capability in Nuxeo or would it be better to work with filesystem encryption features?
 |
Brendan Coveney
Member (245) 2 2 1 |
08/05/2011 |
Answer: There are encryption-like features in Nuxeo, but whether to use them or not is a complex question, whose answer depends on why you actually want to have encryption. Encryption is a technical solution to a security-related question that should be ...
0 votes
2 answers
1 comments
2781 views
Can Nuxeo create a one time link such that once a file is downloaded the link becomes invalid (or it could be time limited as well perhaps as an alternative solution) ?
|
Brendan Coveney
Member (245) 2 2 1 |
08/05/2011 |
Answer: There is no feature implementing this behaviour in Nuxeo at the moment, but the URL service makes it possible to define REST URLs to access data, and implement the related specific logic, see the documentation at http://doc.nuxeo.com/x/hwFu .
0 votes
1 answers
0 comments
1520 views
Follow
content-management-platform password document-management francais xss type test automation 6.0 office liveedit php permission
content-management-platform password document-management francais xss type test automation 6.0 office liveedit php permission
Brendan Coveney
Member (245)
Member (245)
fast_narcis
Member (179)
Member (179)
CharlesDarwin
Member (80)
Member (80)
Megha
Member (142)
Member (142)
mcaissie
Member (274)
Member (274)
lethal2k22
Member (12)
Member (12)
Paco Alías
Member (699)
Member (699)
Julie
Member (412)
Member (412)
Shyriu
Member (26)
Member (26)
mibe
Member (10)
Member (10)