[ome-devel] OMERO-Matlab: security bug
Sebastien Besson
seb.besson at googlemail.com
Mon Jan 23 19:30:10 GMT 2012
Hi everyone,
Using Matlab 2011a and OMERO.matlab-4.3.3 under Ubuntu 10.04, I ran into
a serious security issue while connecting to my OME server: I do not
need to provide a valid password to access my data on the server.
Below are the commands, i use under Matlab
% Create client and session
client = omero.client('lincs-omero.hms.harvard.edu', 4064);
session = client.createSession('sb286', '');
% Load datasets
param = omero.sys.ParametersI();
param.leaves();%indicate to load the images
proxy=session.getContainerService();
datasetsList = proxy.loadContainerHierarchy('omero.model.Dataset', [],
param);
Sessions with an invalid username return an empty datasetsList. I tried
with another valid user of this server and I could access the data.
I tried to duplicate this bug using OMERO insight and I got successfully
rejected when trying to login without my password.
Best,
Sebastien
More information about the ome-devel
mailing list