No security or input validation
No input validation when creating soldiers allows for
cross-site scripting problems. No security checks when
editing a soldier allows you to edit any soldier in the
database, regardless of whether they are in your unit.
Downloading the edit soldier form and changing the data
is all it takes...
Just a few things to think about... :)
CPT John Holmes
Logged In: YES
user_id=776057
Take a look at the new editsoldertng file. I believe it fixes
this problem, since it is all permission based.
Logged In: YES
user_id=609197
Where is that file?
Logged In: YES
user_id=776057
Originator: NO
Fixed. Can only update soldiers within your company, and if you have permissions to edit soldiers.
Thanks for the comment!
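
The two problems reported in this ticket, and the server-side checks described in the fix, shown as an added example that is not the project's code. The language, record layout, session fields, permission name and the 64-character name limit are all assumptions made for illustration.

```python
import html

# Constructed sample data: soldier id -> record (field names are hypothetical).
SOLDIERS = {
    1: {"name": "Smith", "company": "A"},
    2: {"name": "Jones", "company": "B"},
}

class Forbidden(Exception):
    """Raised when the caller may not edit the requested soldier."""

def update_soldier_unchecked(form):
    # The reported behaviour: the id and fields in the submitted form are
    # trusted, so a saved and altered copy of the form can change any record.
    SOLDIERS[int(form["id"])]["name"] = form["name"]

def update_soldier(session, form):
    # Identity and permissions come from the server-side session, never the form.
    if "edit_soldier" not in session["permissions"]:
        raise Forbidden("no permission to edit soldiers")
    soldier = SOLDIERS.get(int(form["id"]))
    # Same error for "missing" and "other company" so ids cannot be probed.
    if soldier is None or soldier["company"] != session["company"]:
        raise Forbidden("soldier not in your company")
    name = form["name"].strip()
    if not name or len(name) > 64:
        raise ValueError("invalid name")
    soldier["name"] = name

def render_soldier(soldier_id):
    # Escape on output: stored values are rendered as text, not markup.
    s = SOLDIERS[soldier_id]
    return "<td>{}</td><td>{}</td>".format(
        html.escape(s["name"]), html.escape(s["company"]))
```

Validation on input limits what gets stored, but the escaping in render_soldier is what keeps a stored value from running as script in another user's browser.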