Details
Description
Currently, for ZK paths being used in RecordService, there's no protection. In CSD the ACL is set to world:anyone:cdrwa. This could be potential security hole since someone can get the delegation token from these paths.
Currently, for ZK paths being used in RecordService, there's no protection. In CSD the ACL is set to world:anyone:cdrwa. This could be potential security hole since someone can get the delegation token from these paths.