Feature #8463
Check security policy for objects reconstituted in the session scope
Status: | New | Start date: | 2010-06-23 | |
---|---|---|---|---|
Priority: | Should have | Due date: | ||
Assigned To: | - | % Done: | 0% |
|
Category: | Security | |||
Target version: | - | |||
PHP Version: | Complexity: | |||
Has patch: |
Description
Currently persited objects that are reconstituted in the session scope are not checked against the security policy. This might be a problem, if a persisted object has changed from one request to the other and the user is no longer allowed to access this object becaouse of the change.
Related issues
History
#1 Updated by Andreas Förthner about 5 years ago
Maybe we can use lazy loading proxies in the initial reconstitution process. The this problem should be solved.