Modify

Opened 16 years ago

Closed 8 years ago

#4056 closed defect (invalid)

What's about Security?

Reported by: Martin Scharrer Owned by: James Mills
Priority: highest Component: SqlQueryMacro
Severity: critical Keywords: security
Cc: Trac Release: 0.11

Description

There seems to be no security checks to disallow something like DROP TABLE 'wiki';, or is the missing db.commit() a protection for writing to the DB?

Attachments (0)

Change History (2)

comment:1 in reply to:  description Changed 16 years ago by James Mills

Status: newassigned

Replying to martin_s:

There seems to be no security checks to disallow something like DROP TABLE 'wiki';, or is the missing db.commit() a protection for writing to the DB?

Yes. It deliberately does NOT commit. Unless you have any other "Security Concerns" I'm going to close this as "Invalid" tomorrow after reviewing my plugin.

I'll be publishing a new version tomorrow.

--JamesMills

comment:2 Changed 8 years ago by Ryan J Ollos

Resolution: invalid
Status: assignedclosed

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain James Mills.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.