[TinyOWS-dev] [tinyows] #36: Prevent SQL Injections coming from the requests
tinyows
trac at camptocamp.com
Thu Apr 23 06:57:21 EST 2009
#36: Prevent SQL Injections coming from the requets
-----------------------------+----------------------------------------------
Reporter: assefa | Owner:
Type: enhancement | Status: new
Priority: minor | Version: SVN
Keywords: | Stage: Unreviewed
Approval: Unnecessary | Patch: None
Complexity: Unknown | Compatibility: Unknown
Specification: Unnecessary |
-----------------------------+----------------------------------------------
This bug is to track any issues/solutions that need to be implemented to
prevent any kind of SQL injections through WFS requests.
An interesting read at: http://www.securityfocus.com/infocus/1768.
Initial comments by Olivier:
"All the controls and checks should be done for common parameter in
ows_request.c
Filter Encoding is a specific one, as we could only check at this stage
that it
validate against FE Schema. And we use some of the FE content to build SQL
query. So there's a specific risk there."
--
Ticket URL: <https://www.tinyows.org/trac/tinyows/ticket/36>
tinyows <https://www.tinyows.org/trac/tinyows>
TinyOWS
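
Added example, not part of the original ticket and not TinyOWS code: one way to keep Filter Encoding content out of the SQL text, since schema validation alone does not constrain what a PropertyName or Literal contains. The function name `fe_equal_to_sql`, the column list and the sample values are constructed for illustration, and a PostgreSQL backend with `$1` placeholders is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layer schema: the only columns a filter may reference. */
static const char *const known_columns[] = { "name", "population", "the_geom" };

/* Return 1 if prop is exactly one of the layer's known columns. */
static int is_known_column(const char *prop)
{
    size_t i;
    for (i = 0; i < sizeof known_columns / sizeof known_columns[0]; i++)
        if (strcmp(prop, known_columns[i]) == 0)
            return 1;
    return 0;
}

/*
 * Build the WHERE fragment for a PropertyIsEqualTo filter (hypothetical helper).
 * The PropertyName is matched against the allowlist and emitted as a quoted
 * identifier. The Literal never enters the SQL text: it is handed back in
 * *param and referenced as $1, to be bound by the driver (for example with
 * libpq's PQexecParams). Returns 0 on success, -1 if the property is not a
 * known column or the buffer is too small.
 */
int fe_equal_to_sql(const char *prop, const char *literal,
                    char *sql, size_t sqlsz, const char **param)
{
    int n;
    if (prop == NULL || literal == NULL || !is_known_column(prop))
        return -1;
    n = snprintf(sql, sqlsz, "\"%s\" = $1", prop);
    if (n < 0 || (size_t)n >= sqlsz)
        return -1;
    *param = literal;
    return 0;
}

int main(void)
{
    char sql[64];
    const char *param = NULL;
    /* Constructed inputs: a literal with a quote, then an unknown property. */
    if (fe_equal_to_sql("name", "O'Brien", sql, sizeof sql, &param) == 0)
        printf("WHERE %s   -- $1 bound to: %s\n", sql, param);
    if (fe_equal_to_sql("na\"me", "x", sql, sizeof sql, &param) != 0)
        puts("rejected: PropertyName is not a column of this layer");
    return 0;
}
```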