Contributor Mode Can Be Entered as Anonymous User
Last updated on MARCH 08, 2017
Applies to: Oracle WebCenter Portal - Version: 184.108.40.206.0
Information in this document applies to any platform.
Anonymous users can enter Site Studio contributor mode by hitting CTRL+SHIFT+C.
When they enter contributor mode, the only icon they see is Refresh; however, this is still a security concern.
It is not clear what the security implications are if you can enter contributor mode: could you edit the content in some other way (even though the pencil doesn't appear)? It would potentially be embarrassing if it was public knowledge that this functionality was available, and for a very security-focused company this may be sufficient to block go-live.
The expectation is that nothing happens when an anonymous user presses CTRL+SHIFT+C.
Steps to Reproduce
1. Create a new starter WebCenter Portal Framework application
2. Create a new Content Repository connection as the default connection to point to a UCM instance
3. Execute the home.jspx
4. Log in as weblogic
5. Hit CTRL+SHIFT+E to enter edit mode
6. Add a Content Presenter task flow
7. Configure the Content Presenter task flow to point to an HTML document inside UCM
8. Close edit mode
9. On home.jspx (still logged in), hit CTRL+SHIFT+C to enter contribution mode, which should show up as expected with the Edit and Refresh icons
10. Click on Logout to become anonymous
11. Hit CTRL+SHIFT+C to enter contribution mode, which shows up with just the Refresh icon