Context Navigation

Modify ↓

#4056 closed defect (invalid)

What's about Security?

Reported by:	Martin Scharrer	Owned by:	James Mills
Priority:	highest	Component:	SqlQueryMacro
Severity:	critical	Keywords:	security
Cc:		Trac Release:	0.11

Description

There seems to be no security checks to disallow something like DROP TABLE 'wiki';, or is the missing db.commit() a protection for writing to the DB?

Attachments (0)

Change History (2)

comment:1 in reply to: description Changed 15 years ago by James Mills

Status:	new → assigned

Replying to martin_s:

There seems to be no security checks to disallow something like DROP TABLE 'wiki';, or is the missing db.commit() a protection for writing to the DB?

Yes. It deliberately does NOT commit. Unless you have any other "Security Concerns" I'm going to close this as "Invalid" tomorrow after reviewing my plugin.

I'll be publishing a new version tomorrow.

--JamesMills

comment:2 Changed 7 years ago by Ryan J Ollos

Resolution:	→ invalid
Status:	assigned → closed

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain James Mills.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: