Ticket #36 (new enhancement)
Opened 3 years ago
Prevent SQL Injections coming from the requests
| Reported by: | assefa | Owned by: | |
|---|---|---|---|
| Priority: | minor | Version: | SVN |
| Keywords: | | Cc: | |
| Triage Stage: | Unreviewed | State of Approval: | Unnecessary |
| Attached Patches: | None | Complexity: | Unknown |
| Compatibility: | Unknown | Specification: | Unnecessary |
Description
This bug is to track any issues/solutions that need to be implemented to prevent any kind of SQL injections through WFS requests. An interesting read at: http://www.securityfocus.com/infocus/1768.
Initial comments by Olivier: "All the controls and checks should be done for common parameters in ows_request.c
Filter Encoding is a specific one, as we could only check at this stage that it validates against the FE Schema. And we use some of the FE content to build the SQL query. So there's a specific risk there."
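
The Filter Encoding risk described above, as an added example (not code from this project): a schema-valid Literal is kept out of the SQL text and bound as a parameter, while the PropertyName is checked against known columns. The function names, the column list and the `$n` placeholder style (as used by libpq's `PQexecParams`) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: columns of a hypothetical feature type. */
static const char *const ROADS_COLUMNS[] = { "name", "kind", "lanes", NULL };

/* A PropertyName becomes an SQL identifier and cannot be bound as a
 * parameter, so accept it only on an exact match with a known column. */
static int fe_known_column(const char *name, const char *const *columns)
{
    for (size_t i = 0; columns[i] != NULL; i++)
        if (strcmp(name, columns[i]) == 0)
            return 1;
    return 0;
}

/* Translate one PropertyIsEqualTo into a WHERE fragment. The Literal never
 * enters the SQL text: it is stored in params[] and the SQL gets a $n
 * placeholder (assumed backend call: libpq's PQexecParams()).
 * Returns 0 on success, -1 on unknown property or full buffers. */
static int fe_equal_to_sql(const char *property, const char *literal,
                           const char *const *columns,
                           char *sql, size_t sql_len,
                           const char **params, size_t max_params,
                           size_t *n_params)
{
    if (!fe_known_column(property, columns) || *n_params >= max_params)
        return -1;
    int n = snprintf(sql, sql_len, "\"%s\" = $%zu", property, *n_params + 1);
    if (n < 0 || (size_t)n >= sql_len)
        return -1;
    params[(*n_params)++] = literal;
    return 0;
}

int main(void)
{
    /* Constructed input: schema-valid FE content whose quote would change
     * the statement if it were concatenated into the SQL string. */
    const char *params[4];
    size_t n_params = 0;
    char sql[128];

    if (fe_equal_to_sql("name", "O'Brien Road", ROADS_COLUMNS,
                        sql, sizeof sql, params, 4, &n_params) == 0)
        printf("WHERE %s   (bound $1: %s)\n", sql, params[0]);
    return 0;
}
```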