kennkong / Weather-ERF-Gateway-1000U

Collects and displays data from a Lacrosse Technology C84612 Wireless Professional Weather Center

Security #6

Open kennkong opened 10 years ago

kennkong commented 10 years ago

karlkec has identified the http-identify header as a source of vulnerability. I have identified a similar weakness in the display pages. Some hardening, especially as regards SQL injection, needs to be done.

kennkong commented 10 years ago

I have opened a security branch to deal with these issues. My first objective is to protect the configuration pages from unauthorized access.