[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential security issue with LedgerSMB (inherited from SL)

Subject: Re: Potential security issue with LedgerSMB (inherited from SL)
From: "Chris Travers" <..hidden..>
Date: Mon, 11 Sep 2006 08:56:04 -0700

Hi all;

This is something that ought to go away as we continue re-engineering the application. Yes, I do think it is at least a theoretical concern in that one could create a set-up where a problem could exist but in it would be a lot of work.

So I don't see it as more urgent than the need for Real Security Controls (TM), a lack we have also inherited from SQL-Ledger.

Also tere has been a lot of talk about revising the scripts to get rid of different paths for different browsers. I would expect that in the future, the command-line interface should be wholely separate from the current web interface.

Best Wishes,
Chris Travers

References:
- Potential security issue with LedgerSMB (inherited from SL)
  - From: Christopher Murtagh
- Re: Potential security issue with LedgerSMB (inherited from SL)
  - From: Richard Patterson

Prev by Date: Re: Potential security issue with LedgerSMB (inherited from SL)
Next by Date: Re: Potential security issue with LedgerSMB (inherited from SL)
Previous by thread: Re: Potential security issue with LedgerSMB (inherited from SL)
Next by thread: Re: Potential security issue with LedgerSMB (inherited from SL)
Index(es):
- Date
- Thread