Direct Access to Admin Pages Security Issue

留言板

Kinshuk Gupta，修改在11 年前。

Direct Access to Admin Pages Security Issue

New Member 帖子: 10 加入日期: 13-1-2 最近的帖子

Hi,

Recently, we did a AppScan of our application built using liferay 6.1 GA1 version. Among number of issues reported is - direct access to Admin pages. The following Urls were identified :


https://10.66.91.59:8443/c/
https://10.66.91.59:8443/c/portal/logout
https://10.66.91.59:8443/c/portal/admin/
https://10.66.91.59:8443/c/portal/x2fweb/

Is there any way to secure these /c/ Urls in Liferay?

Thanks

David H Nebinger，修改在11 年前。

RE: Direct Access to Admin Pages Security Issue

Liferay Legend 帖子: 14916 加入日期: 06-9-2 最近的帖子

The pages are open, but if you try to get there I think you'll find Liferay doesn't let you in...