Feature #8463
Check security policy for objects reconstituted in the session scope
| Status: | New | Start date: | 2010-06-23 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assigned To: | - | % Done: | 0% |
|
| Category: | Security | |||
| Target version: | - | |||
| PHP Version: | Complexity: | |||
| Has patch: |
Description
Currently persited objects that are reconstituted in the session scope are not checked against the security policy. This might be a problem, if a persisted object has changed from one request to the other and the user is no longer allowed to access this object becaouse of the change.
Related issues
History
#1 Updated by Andreas Förthner about 5 years ago
Maybe we can use lazy loading proxies in the initial reconstitution process. The this problem should be solved.