[TinyOWS-dev] [tinyows] #36: Prevent SQL Injections coming from the requests

tinyows trac at camptocamp.com
Thu Apr 23 06:57:21 EST 2009


#36: Prevent SQL Injections coming from the requests
-----------------------------+----------------------------------------------
     Reporter:  assefa       |           Owner:            
         Type:  enhancement  |          Status:  new       
     Priority:  minor        |         Version:  SVN       
     Keywords:               |           Stage:  Unreviewed
     Approval:  Unnecessary  |           Patch:  None      
   Complexity:  Unknown      |   Compatibility:  Unknown   
Specification:  Unnecessary  |  
-----------------------------+----------------------------------------------
 This bug is to track any issues/solutions that need to be implemented to
 prevent any kind of SQL injections through WFS requests.
 An interesting read at: http://www.securityfocus.com/infocus/1768.

 Initial comments by Olivier:
 "All the controls and checks should be done for common parameters in
 ows_request.c

 Filter Encoding is a specific one, as we could only check at this stage
 that it validates against FE Schema. And we use some of the FE content to
 build SQL query. So there's a specific risk there."

-- 
Ticket URL: <https://www.tinyows.org/trac/tinyows/ticket/36>
tinyows <https://www.tinyows.org/trac/tinyows>
TinyOWS
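
The risk described in Olivier's comment, as an added example (not TinyOWS code): a Filter Encoding value can validate against the FE schema and still change the SQL text once it is concatenated into a query. The table `roads`, its columns, and the functions `build_concat` and `build_param` are hypothetical; `$1` assumes a PostgreSQL-style bound parameter.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: columns of a hypothetical feature type "roads". */
static const char *const known_columns[] = { "name", "type", "lanes" };

/* Returns 1 only when prop exactly matches a column known for the layer. */
static int is_known_column(const char *prop)
{
    size_t i;
    for (i = 0; i < sizeof known_columns / sizeof known_columns[0]; i++)
        if (strcmp(prop, known_columns[i]) == 0)
            return 1;
    return 0;
}

/* Risky pattern: schema-valid FE text is pasted into the SQL string. */
static int build_concat(char *out, size_t n, const char *prop, const char *lit)
{
    int w = snprintf(out, n, "SELECT * FROM roads WHERE %s = '%s'", prop, lit);
    return (w >= 0 && (size_t)w < n) ? 0 : -1;
}

/* Safer pattern: allow-listed identifier, literal bound as parameter $1. */
static int build_param(char *out, size_t n, const char *prop,
                       const char *lit, const char **param)
{
    int w;
    if (!is_known_column(prop))
        return -1;                    /* unknown PropertyName: reject */
    w = snprintf(out, n, "SELECT * FROM roads WHERE \"%s\" = $1", prop);
    if (w < 0 || (size_t)w >= n)
        return -1;                    /* truncated output: reject */
    *param = lit;                     /* value travels outside the SQL text */
    return 0;
}

int main(void)
{
    char sql[128];
    const char *p = NULL;
    /* Constructed literal: schema-valid text that contains a quote. */
    if (build_concat(sql, sizeof sql, "name", "O'Brien Road") == 0)
        puts(sql);                    /* quote ends the string literal early */
    if (build_param(sql, sizeof sql, "name", "O'Brien Road", &p) == 0)
        printf("%s   [$1 = %s]\n", sql, p);
    return 0;
}
```
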

