Updating of user details is potentially unsafe

brleeflang / eurocarb

Automatically exported from code.google.com/p/eurocarb

0 stars 0 forks source link

Updating of user details is potentially unsafe #4

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

When we're updating user details, we need to make sure that things like the 
password, the 
identifier, and the contributor ID can never be written. Right now there are no 
mechanisms to 
protect these fields.

Original issue reported on code.google.com by hir...@gmail.com on 26 May 2009 at 11:12

GoogleCodeExporter commented 9 years ago

Original comment by glycosl...@googlemail.com on 5 Jun 2009 at 11:44

Added labels: Aspect-Logic, Aspect-Data

GoogleCodeExporter commented 9 years ago

Original comment by glycosl...@googlemail.com on 5 Jun 2009 at 12:02

Added labels: Type-Bug
Removed labels: Type-Defect, Security

GoogleCodeExporter commented 9 years ago

Original comment by glycosl...@googlemail.com on 5 Jun 2009 at 12:10

Added labels: Aspect-Security
Removed labels: Aspect-Logic, Aspect-Data

GoogleCodeExporter commented 9 years ago

Original comment by glycosl...@googlemail.com on 5 Jun 2009 at 12:26

Added labels: Module-Contributor

GoogleCodeExporter commented 9 years ago

is this still open or fixed?

Original comment by glycosl...@googlemail.com on 2 Jul 2009 at 8:17

Added labels: Priority-High
Removed labels: Priority-Critical

GoogleCodeExporter commented 9 years ago

Still open, we just need to throw in validation to explicitly disallow the 
fields. Will add it today.

Original comment by hir...@gmail.com on 2 Jul 2009 at 8:32

GoogleCodeExporter commented 9 years ago

Fixed in Rev 1384

Original comment by hir...@gmail.com on 2 Jul 2009 at 9:12

Changed state: Fixed