The WS authentication code does not sanitize user input

rdmenezes / remote-testbed

Automatically exported from code.google.com/p/remote-testbed

0 stars 1 forks source link

The WS authentication code does not sanitize user input #1

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

When authenticating users, data provided by the user is concatenated into
the SQL query without being verified. This could lead to a SQL injection
attack.

Original issue reported on code.google.com by jonas.fonseca on 28 Aug 2007 at 2:09

GoogleCodeExporter commented 9 years ago

Should be fixed before the 1.0 release.

Original comment by jonas.fonseca on 25 Oct 2007 at 3:48

Added labels: Milestone-Release1.0
Removed labels: ****

GoogleCodeExporter commented 9 years ago

This patch is currently being tested.

Original comment by jonas.fonseca on 2 Nov 2007 at 1:13

Changed state: Started
Added labels: ****
Removed labels: ****

Attachments:

0001-issue-1-use-prepared-statements-to-prevent-SQL-inj.patch

GoogleCodeExporter commented 9 years ago

The patch has been applied and pushed. The fix is available in commit
3a91305f3515b0338aaf68a1748e33201dab67bf ...

Original comment by jonas.fonseca on 5 Nov 2007 at 8:56

Changed state: Fixed
Added labels: ****
Removed labels: ****