[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential security issue with LedgerSMB (inherited from SL)
- Subject: Re: Potential security issue with LedgerSMB (inherited from SL)
- From: "Chris Travers" <..hidden..>
- Date: Mon, 11 Sep 2006 08:56:04 -0700
This is something that ought to go away as we continue re-engineering
the application. Yes, I do think it is at least a theoretical
concern in that one could create a set-up where a problem could exist
but in it would be a lot of work.
So I don't see it as more urgent than the need for Real Security Controls (TM), a lack we have also inherited from SQL-Ledger.
Also tere has been a lot of talk about revising the scripts to get rid
of different paths for different browsers. I would expect that in
the future, the command-line interface should be wholely separate from
the current web interface.