[HELP-16182] [fiware-stackoverflow] DELETE request for organizations does not require auth token - JIRA

Details

Type: Monitor
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 2021
Component/s: FIWARE-TECH-HELP
Labels:
- fiware
- fiware-keyrock

Source URL:
https://stackoverflow.com/questions/58320424/delete-request-for-organizations-does-not-require-auth-token

Description

Created question in FIWARE Q/A platform on 10-10-2019 at 12:10
Please, ANSWER this question AT https://stackoverflow.com/questions/58320424/delete-request-for-organizations-does-not-require-auth-token

Question:
DELETE request for organizations does not require auth token

Description:
I've noticed when you are about to delete an organization the suggested request in docu is this one (subsection DELETE AN ORGANIZATION inside ORGANIZATION CRUD ACTIONS):

curl -iX DELETE \
'http://localhost:3005/v1/organizations/organization-id' \
-H 'Content-Type: application/json' \

Which does not include the X-Auth-token as part of the header.

Could this result in a security issue (allowing anyone to delete any organization)?

Activity

Descending order - Click to sort in ascending order

Fernando Lopez made changes - 27/May/21 10:57 AM

Fix Version/s

2021 [ 12600 ]

Mohamed Sadiq made changes - 28/Nov/19 3:53 PM

Assignee

Backlog Manager [ backlogmanager ]

Backlog Manager made changes - 11/Oct/19 6:06 PM

Resolution		Done [ 10000 ]
Status	In Progress [ 3 ]	Closed [ 6 ]

Backlog Manager made changes - 11/Oct/19 3:06 PM

Status

Open [ 1 ]

In Progress [ 3 ]

Backlog Manager made changes - 10/Oct/19 3:06 PM

Field	Original Value	New Value
Component/s		FIWARE-TECH-HELP [ 10278 ]

Backlog Manager created issue - 10/Oct/19 3:06 PM

People

Assignee:

Backlog Manager

Reporter:

Backlog Manager

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

10/Oct/19 3:06 PM

Updated:

27/May/21 10:57 AM

Resolved:

11/Oct/19 6:06 PM

Agile

View on Board