Modify ↓
Opened 16 years ago
Closed 8 years ago
#4056 closed defect (invalid)
What's about Security?
Reported by: | Martin Scharrer | Owned by: | James Mills |
---|---|---|---|
Priority: | highest | Component: | SqlQueryMacro |
Severity: | critical | Keywords: | security |
Cc: | Trac Release: | 0.11 |
Description
There seems to be no security checks to disallow something like DROP TABLE 'wiki';
,
or is the missing db.commit()
a protection for writing to the DB?
Attachments (0)
Change History (2)
comment:1 Changed 16 years ago by
Status: | new → assigned |
---|
comment:2 Changed 8 years ago by
Resolution: | → invalid |
---|---|
Status: | assigned → closed |
Note: See
TracTickets for help on using
tickets.
Replying to martin_s:
Yes. It deliberately does NOT commit. Unless you have any other "Security Concerns" I'm going to close this as "Invalid" tomorrow after reviewing my plugin.
I'll be publishing a new version tomorrow.
--JamesMills