View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000206 | Main CAcert Website | source code | public | 2006-04-16 10:51 | 2013-11-20 22:23 |
Reporter | blshkv | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2006 | ||||
Summary | 0000206: [security bug] bad style of programming | ||||
Description | Don't rely on configuration of a web server. It's bad idea to keep sensitive include files within webroot directory if you can keep it outside. For example: account.php: correct: outside from WEBROOT: include("../includes/account.php"); WRONG: inside of WEBROOT: if($id == 6) { include_once("../www/account/6.php"); exit; } else if($id == 19) { include_once("../www/account/19.php"); | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
Date Modified | Username | Field | Change |
---|---|---|---|
2006-04-16 10:51 | blshkv | New Issue | |
2006-04-21 06:46 | duane | Status | new => closed |
2006-04-21 06:46 | duane | Resolution | open => fixed |
2006-04-21 06:46 | duane | Fixed in Version | => production |
2006-04-24 05:21 |
|
Note Added: 0000194 | |
2006-04-24 05:21 |
|
Assigned To | => bluec |
2006-04-24 05:21 |
|
Status | closed => needs work |
2006-05-29 05:11 |
|
Note Added: 0000238 | |
2006-05-29 05:11 |
|
Assigned To | bluec => |
2006-05-29 05:11 |
|
Status | needs work => closed |
2013-01-14 03:35 | Werner Dworak | Fixed in Version | => 2006 |
2013-11-20 22:23 | NEOatNHNG | View Status | private => public |