This repository has been archived by the owner on Jan 15, 2019. It is now read-only.
[dev.icinga.com #2305] API access without credentials possible #669
Labels
Milestone
Comments
|
Updated by tgelf on 2012-02-08 09:46:10 +00:00 I can confirm this behavior. |
|
Updated by mhein on 2012-02-08 11:46:51 +00:00
|
|
Updated by mhein on 2012-02-10 09:23:17 +00:00
|
|
Updated by mhein on 2012-02-10 10:42:25 +00:00
|
|
Updated by mhein on 2012-02-10 10:53:05 +00:00
Fixed by JM |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This issue has been migrated from Redmine: https://dev.icinga.com/issues/2305
Created by leistenbruchhenry on 2012-02-07 15:11:11 +00:00
Assignee: mhein
Status: Resolved (closed on 2012-02-10 10:53:05 +00:00)
Target Version: 1.6.2
Last Update: 2012-02-10 10:53:05 +00:00 (in Redmine)
A logged in user without any given credentials, roles and not member of any groups is able to access api data. I tried the following url (from wiki) in firefox and it was working:
/icinga-web/web/api/service/filter[AND(HOST_CURRENT_STATE|=|0;OR (SERVICE_CURRENT_STATE|=|1;SERVICE_CURRENT_STATE|=|2))]/columns(SERVICE_NAME|HOST_NAME|SERVICE_CURRENT_STATE|HOST_NAME|HOST_CURRENT_STATE|HOSTGROUP_NAME)/order(SERVICE_CURRENT_STATE;DESC)/countColumn=SERVICE_ID/authkey=APITEST123456/xml
I did not set any authkey btw. (which isn't necessary, just wanted to mention it)
Changesets
2012-02-08 13:00:37 +00:00 by jmosshammer 0c238c2
The text was updated successfully, but these errors were encountered: