[X2go-Dev] [PATCH] Allow users to edit their *own* sessions only

[Mike Gabriel]

Hi John,

On Mo 25 Jul 2011 12:32:44 CEST "John A. Sullivan III" wrote:

> On Mon, 2011-07-25 at 08:32 +0200, Mike Gabriel wrote:
>> Hi Reinhard,
>>
>> On Mo 25 Jul 2011 00:10:03 CEST Reinhard Tartler wrote:
>>
>> > previously, users could create sessions under wrong uids or delete
>> > sessions from other users. This patch implements prevents this by
>> > checking the userid of the caller with the session id.
>>
>> +1 from me...
>>
>> > [... patch ...]
>>
> <snip>
> We addressed this a little differently as it is one of the problems we
> immediately recognized in X2Go two years ago and one of the major
> modifications we made in our environment.

The script Reinhard modified only concerns SQLite...

However, based on the current x2goserver code... if you come up with  
postgres patches (I strongly guess that you were refering to postgres  
changes on the x2goserver script) we will be happy to introspect them.

Unfortunately, there has been a complete rewrite of the database  
scripts of X2go in the meantime, so I suppose your patches that you  
sent to the ML 1-2 years ago will not apply anymore.

Greets,
Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20110725/15c1cc41/attachment.pgp>