Security



There are some concerns I have about security. It looks like a lot has been done to make dotProject secure, which is good, but I have the feeling that the security model could be accidentally broken without knowing it. The access control lists are a good idea, and the login security methods seem OK, but what concerns me the most is how files are included. There appears to be some inclusion of files based upon GET variables, which is obviously a no-no. It also looks like this has been guarded pretty well, but since I'm making destructive changes to the software, I'm not sure if I'm going to break the security model at the same time.
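
The kind of guard that has to survive such changes can be pinned down as a small function and re-run after every edit. The following is an added example, not dotProject's code and not part of the original post: `resolve_include()`, the `m`/`a` parameter names and the `modules/<m>/<a>.php` layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. resolve_include() and the <root>/<m>/<a>.php layout are
// hypothetical, not taken from dotProject.
function resolve_include(array $query, string $root): ?string
{
    $m = $query['m'] ?? 'projects';
    $a = $query['a'] ?? 'index';

    // ?m[]=x arrives as an array; only plain identifiers are accepted, so
    // "../", NUL bytes, URL schemes and absolute paths never reach the filesystem.
    foreach ([$m, $a] as $part) {
        if (!is_string($part) || !preg_match('/\A[a-z][a-z0-9_]{0,31}\z/', $part)) {
            return null;
        }
    }

    // realpath() follows symlinks and returns false for missing files.
    $rootReal = realpath($root);
    $file = realpath("$root/$m/$a.php");
    if ($rootReal === false || $file === false) {
        return null;
    }

    // Containment check on the resolved path: a symlinked module directory
    // pointing outside the root is refused even though its name is valid.
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}

// Constructed demo tree and constructed requests.
$root = sys_get_temp_dir() . '/inc_demo_' . getmypid();
@mkdir("$root/projects", 0700, true);
file_put_contents("$root/projects/view.php", "<?php // stub\n");

$requests = [
    ['m' => 'projects',   'a' => 'view'],     // allowed
    ['m' => '../secrets', 'a' => 'view'],     // denied: not an identifier
    ['m' => ['projects'], 'a' => 'view'],     // denied: array parameter
    ['m' => 'projects',   'a' => 'missing'],  // denied: no such file
];
foreach ($requests as $q) {
    $path = resolve_include($q, $root);
    echo json_encode($q), ' => ', $path === null ? 'denied' : "include $path", "\n";
}
```

Only the first request resolves to a path; keeping the denied cases as a regression check shows immediately when a later change loosens the guard.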


About this Entry

This page contains a single entry by Albert published on January 17, 2008 10:14 PM.