Custom Query (2152 matches)
Results (1438 - 1440 of 2152)
Ticket | Resolution | Summary | Owner | Reporter |
---|---|---|---|---|
#120 | fixed | Security audit | dread | dread |
Description |
Look for all places where model is accessed and check that authorization is checked. Document holes (and, as necessary, suggestions for fixes) as new tickets. Likely areas that need looking at:
Write holes are obviously much more significant to us than read holes. |
#1585 | fixed | Security fix | dread | |
Description |
(details embargoed until 31/1/2012) |
#132 | fixed | Security hole - read package/group list (REST) | rgrp | dread |
Description |
Using the REST interface, you can list packages and groups without authorization being checked. This can be fixed using a more advanced query to check authz. |