[0.9.2-dev] Security: server site oic_svr_db_server.json is overwritten by ocserverbasicops with some value in doxm.ownr
On Ubuntu, the oic_svr_db_server.json file has the following block under ACL:
In the example above, the value in the "ownr" field ("MjIyMjIyMjIyMjIyMjIyMg==") is "2222222222222222" after decode
I changed the value to "1111222211112222" (or "MTExMTIyMjIxMTExMjIyMgo=" after encode)
Then, when osserverbasicops is started, the oic_svr_db_server.json file is overwritten by a new file with doxm.owned=false. the deviceid and ownr fields are also altered.
And therefore no GET/PUT/POST/DELETE worked.
The json file used was validated and passed.
The "before" and "after" json files are attached.
JIRA migration meta data
- JIRA Issue ID: IOT-673
- Reporter: mytung
- Assignee: shilpasodani
- Creator: mytung
- Created at: 2015-08-04T13:53:57.000-0700
- Found in Version: ad8521cc
- Fix in Version: None
- Issue Severity: Major
- Reproducibility: Always (100%)
- Operating System: Ubuntu
- Hardware/ OEM Platform: None
- External URL: None
- Bugzilla ID: None
- Product: None
- Status: Closed
- Components: SDK
- Priority: P2
- Due Date: None
Issue Type: Bug
END of JIRA migration meta data