
Unauthorized tester allowed access to Web project test cases.


  • Unauthorized tester allowed access to Web project test cases.

    Defect ID: DR-TL004
    Defect Description: Unauthorized tester allowed access to Web project test cases.

    Test configuration:
    OS - Microsoft Windows XP Pro
    CPU - P4, 2.40 GHz
    RAM - 512KB
    SUT - Testlog V3.0 Build 1013
    Server - Apache 2.2.4
    IE - Version 7.0.5730.11

    Test Preconditions:
    Project A - Tester A - Remote Access Enabled
    Tester B - Remote Access Enabled
    Tester C - Remote Access Disabled
    Project B - Tester A - Remote Access Enabled
    Tester B - Remote Access Disabled
    Tester C - Remote Access Enabled

    Steps to reproduce:
    1. Access TestLog with IE.
    2. Verify the TestLog Web Access dialog is displayed.
    3. Verify there are multiple databases available to select from.
    4. Click on Project 'B' database
    5. Verify login dialog is displayed.
    6. Login to 'B' database with Tester 'B's TesterID and Password from Project 'A'.

    Actual results: Tester B from project A was allowed to login to project B.

    Expected results: A tester shall be granted access to a project if the tester has a valid Tester ID and password for that project. When there are multiple projects the tester must be granted access for each project that the tester is allowed to access.

    Respectfully submitted,
    JC Kurth
    Sr. QA/Test Engineer
    Respectfully submitted,

    JC Kurth
    Sr. System Test Engineer

  • #2
    Thanks for the fault report. We'll see if we can replicate the problem here.


    • #3
      Were the separate projects in a different database? The users' access permissions are per database, not per project.


      • #4
        Database Access

        Yes, I have three (3) separate databases:
        A. AccessManager
        B. LandWarrior
        C. SambleDB
        Respectfully submitted,

        JC Kurth
        Sr. System Test Engineer


        • #5
          We haven't been able to reproduce this. Creating two databases with 3 same-named users each and denying a user in one prevents the user from logging in. Could you please double-check that remote access is denied for the user in the second database?

          Would it be possible at all to send us a copy of the databases?
