[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security issue with LedgerSMB (inherited from SL)

Hi all;

This is something that ought to go away as we continue re-engineering the application.  Yes, I do think it is at least a theoretical concern in that one could create a set-up where a problem could exist but in it would be a lot of work.

So I don't see it as more urgent than the need for Real Security Controls (TM), a lack we have also inherited from SQL-Ledger.

Also tere has been a lot of talk about revising the scripts to get rid of different paths for different browsers.  I would expect that in the future, the command-line interface should be wholely separate from the current web interface.

Best Wishes,
Chris Travers