marco sanchez
Member
Hi everyone,
I found this; maybe some of you noticed it before, but I want to share it with you:
The URL to connect to the e-recruit module has this structure:
https://xxxxxx.xxxxxx.com/jde/servl....ShortcutLauncher?scApp=P08400&scForm=W08400A
I noticed that if I change /servlet/com.jdedwards.runtime.shortcut.ShortcutLauncher?scApp=P08400&scForm=W08400A in the URL to /E1Menu.maf, you have access to the E1 menus, and depending on how you set up the security for the Anonymous user, you can see everything.
E.g.: https://xxxxxx.xxxxxx.com/jde/servl....ShortcutLauncher?scApp=P08400&scForm=W08400A to https://xxxxxx.xxxxxx.com/jde/E1Menu.maf
The solution that I applied was:
Restricted all the menus on the role assigned to the anonymous user (FineCut);
Gave access only to the applications that are related to the e-recruit site.
Restricted the Solution Explorer.
regards
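
A log check for the behaviour described in the post above, added here as an example (not code from the poster or from JD Edwards): it scans web-server access logs for non-internal clients that were actually served /jde/E1Menu.maf. The Combined Log Format, the internal network ranges and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: these ranges are staff networks; every other client is public.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
MENU_PATH = "/jde/E1Menu.maf"  # menu page named in the post

# Assumption: Combined Log Format (client, timestamp, request line, status).
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /jde/servlet/com.jdedwards.runtime.shortcut.ShortcutLauncher?scApp=P08400&scForm=W08400A HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Mar/2024:10:01:40 +0000] "GET /jde/E1Menu.maf HTTP/1.1" 200 20480',
    '10.1.2.3 - - [12/Mar/2024:10:02:00 +0000] "GET /jde/E1Menu.maf HTTP/1.1" 200 20480',
    '198.51.100.9 - - [12/Mar/2024:10:03:00 +0000] "GET /jde/E1Menu.maf;jsessionid=ABC123 HTTP/1.1" 403 310',
]

def is_internal(client):
    """True if the client address falls inside one of INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname or malformed field: treat as external
    return any(addr in net for net in INTERNAL_NETS)

def external_menu_hits(lines):
    """Return {client: [(timestamp, status), ...]} for external clients
    whose request for the E1 menu page got a 2xx response."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop the query string and any ;jsessionid path parameter.
        path = m["target"].split("?", 1)[0].split(";", 1)[0]
        # Case-insensitive compare so case variants are not missed.
        if path.lower() != MENU_PATH.lower():
            continue
        status = int(m["status"])
        if 200 <= status < 300 and not is_internal(m["client"]):
            hits[m["client"]].append((m["ts"], status))
    return dict(hits)
```

Any client this returns reached the menu page from outside the staff ranges, which is the case the role restrictions in the post are meant to close.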