[TinyOWS-dev] [tinyows] #30: Literals in filter encoding and validation to know if it is a text or not
Yewondwossen Assefa
yassefa at dmsolutions.ca
Thu Apr 23 07:10:02 EST 2009
Thanks, Olivier.
Closed bug #30.
I entered a specific bug on the SQL Injection issues:
https://www.tinyows.org/trac/tinyows/ticket/36
Best Regards,
>
> Yeap,
>
> All the controls and checks should be done for common parameters in
> ows_request.c
>
> Filter Encoding is a specific one, as we could only check at this stage
> that it validates against the FE Schema. And we use some of the FE content
> to build the SQL query. So there's a specific risk there.
>
> Maybe we should close this bug
>
>
> If the behaviour is Ok for you, just do
>
>
> and open a specific bug on the SQL injection?
>
>
> Yes we could, right now I'm still focused on OGC WFS unit tests,
> but we will need more unit tests to check:
> - Security aspects
> - TinyOWS configuration directives
> - Other output formats than GML
> - ...
>
> --
> Olivier
>
>
--
----------------------------------------------------------------
Assefa Yewondwossen
Software Analyst
Email: assefa at dmsolutions.ca
http://www.dmsolutions.ca/
Phone: (613) 565-5056 (ext 14)
Fax: (613) 565-0925
----------------------------------------------------------------