
Opened 8 years ago

Closed 8 days ago

#4056 closed defect (invalid)

What about Security?

Reported by: Martin Scharrer
Owned by: James Mills
Priority: highest
Component: SqlQueryMacro
Severity: critical
Keywords: security
Cc:
Trac Release: 0.11

Description

There seem to be no security checks to disallow something like DROP TABLE 'wiki';, or is the missing db.commit() a protection against writing to the DB?

Change History (2)

comment:1 in reply to:  description Changed 8 years ago by James Mills

Status: new → assigned

Replying to martin_s:

> There seem to be no security checks to disallow something like DROP TABLE 'wiki';, or is the missing db.commit() a protection against writing to the DB?

Yes. It deliberately does NOT commit. Unless you have any other "Security Concerns" I'm going to close this as "Invalid" tomorrow after reviewing my plugin.

I'll be publishing a new version tomorrow.

--JamesMills

comment:2 Changed 8 days ago by Ryan J Ollos

Resolution: invalid
Status: assigned → closed
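
Whether skipping commit() stops a destructive statement depends on the driver and backend, so it is worth testing rather than assuming. The sketch below is an added example (not the plugin's code and not written by anyone on this ticket) that uses Python's standard sqlite3 module rather than Trac's database layer; run_untrusted, read_only_authorizer and the sample wiki table are constructed for illustration. It runs the ticket's DROP TABLE once with rollback only and once under a SQLite authorizer that permits reads only.

```python
import sqlite3

# Action codes a read-only query legitimately needs.
READ_ONLY = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

def read_only_authorizer(action, arg1, arg2, db_name, source):
    """Allow plain reads; deny DROP, INSERT, PRAGMA, ATTACH and everything else."""
    return sqlite3.SQLITE_OK if action in READ_ONLY else sqlite3.SQLITE_DENY

def make_db():
    """Constructed sample database: one committed row in a 'wiki' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wiki (name TEXT, text TEXT)")
    conn.execute("INSERT INTO wiki VALUES ('WikiStart', 'hello')")
    conn.commit()
    return conn

def table_exists(conn, name):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?",
        (name,)).fetchone()
    return row[0] == 1

def run_untrusted(conn, sql, harden):
    """Run macro-style SQL without ever committing; return rows or error text."""
    if harden:
        conn.set_authorizer(read_only_authorizer)
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "denied: %s" % exc
    finally:
        conn.rollback()  # never commit, as the ticket describes
        # Restore full access for trusted code on this connection.
        conn.set_authorizer(lambda *args: sqlite3.SQLITE_OK)

def demo():
    weak, hard = make_db(), make_db()
    # sqlite3 opens an implicit transaction only before INSERT/UPDATE/DELETE/
    # REPLACE (Python 3.6+), so this DDL runs in autocommit mode.
    run_untrusted(weak, "DROP TABLE wiki", harden=False)
    blocked = run_untrusted(hard, "DROP TABLE wiki", harden=True)
    return table_exists(weak, "wiki"), table_exists(hard, "wiki"), blocked

if __name__ == "__main__":
    print(demo())
```

Backends where DDL triggers an implicit commit (MySQL, for example) also cannot undo it with a rollback; the equivalent control there is a database account granted SELECT only.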
