[ic] Security Risk In UI...

Stefan Hornburg Racke interchange-users@lists.akopia.com
Mon Jul 16 18:28:00 2001


John Beima <jbeima@palb.com> writes:

> G'Day Folks,
> 
> I have found a few little bugs in the UI, which it seems that submitting a bug
> report was a waste of time... Maybe from now on all bug reports should be
> submitted through the RedHat network to see if they may be resolved... Maybe
> requests coming from RedHat themselves will get these fixed... However here is
> the first few you need to watch out for:
> 
> 01) Security Compromise: When you set the global variable UI_SECURE = 1, the UI
> should run completely through SSL. This is done in all but 1 case. When you
> bring up a table and select more than one field and click "edit in sequence",
> the first item you edit runs through SSL, then you drop out of the protection of
> SSL and run the rest of the edits through non-ssl... This IS a security hole
> and a bug. It has been reported but has basically been ignored.

Yes, it is indeed a bug and I fear not the last of this class :-;
Fixed locally, I'll check it in soon.

Ciao
        Racke

-- 
Master of Swiss Web 2001: http://www.zweifel.ch/

For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)