|
|
|
[
Permlink
| « Hide
]
Lukasz Guminski [20/Dec/13 11:28 AM]
I believe that this feature creates a hole in QB security model. A malicious user without permissions to a given configuration is able to remove all its workspaces, by creating another config pointing to the same workspace location, and removing it.
We will add the extra check to only remove workspace when workspace setting is defined as "use configuration name to identify workspace directory" in next patch release.
|