I noticed a Ticket#1201 mentioning some improvements against vulnerabilities.
If it helps, I had someone here take a look at what could be improved, and this is what he came up with:
- SQL injection attacks --> treated in ticket#1201
- XSS attacks --> treated in ticket#1201
- CSRF attacks --> maybe also included in ticket#1201?
- Restricting execution of uploaded files (e.g. php files)
- Encryption of transmitted logins/passwords
In any case, thanks for the coming improvements! (can't wait to see what V4 looks like, by the way...)
Security leaks have been fixed corresponding to some identified threats.
If you have some examples of leaks, please send them to [e-mail address removed by the site's spam protection].
I'll check if they are all fixed in V4.0.
About restricting execution of uploaded files (e.g. php files), this leak can only be solved by configuration, corresponding to the recommendations: set up the file attachment directories (for attachments, documents) out of PHP scope.
Encryption of logins/passwords: the password is already encrypted.
The best way to strengthen this is to set the application up in SSL (https).
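As an added illustration of the "out of PHP scope" recommendation above (this is example configuration written for this thread, not the project's own config; all paths, the server name and the module names are assumptions), an Apache 2.4 virtual host that keeps the attachments directory outside the document root, plus a defence-in-depth block for any upload directory that has to stay web-reachable:

```apache
# Added example, not from the original thread. Paths are assumptions:
#   /var/www/app/htdocs     - the application's PHP files (DocumentRoot)
#   /var/www/app/documents  - attachments, deliberately OUTSIDE DocumentRoot
<VirtualHost *:443>
    ServerName erp.example.com
    DocumentRoot "/var/www/app/htdocs"

    # 1. Preferred: nothing under /var/www/app/documents is URL-addressable,
    #    so an uploaded "invoice.php" is only a file on disk. The application
    #    reads it from the filesystem and streams it through its own download
    #    script. Point the application's documents path at this directory and
    #    deny direct access as well, in case DocumentRoot is ever moved.
    <Directory "/var/www/app/documents">
        Require all denied
    </Directory>

    # 2. Defence in depth, if some upload directory must stay under the web
    #    root (e.g. public images): remove every PHP execution path there, so
    #    a file carrying a PHP extension is never interpreted.
    <Directory "/var/www/app/htdocs/uploads">
        Options -ExecCGI -Indexes -Includes
        # mod_php: turn the engine off for this subtree
        # (module is php7_module on PHP 7 builds)
        <IfModule php_module>
            php_admin_flag engine off
        </IfModule>
        # php-fpm / proxy setups: unmap the handler and refuse the files
        RemoveHandler .php .phtml .phar .php5 .php7
        <FilesMatch "\.(php|phtml|phar|php5|php7)$">
            SetHandler None
            Require all denied
        </FilesMatch>
        # Keep browsers from sniffing an uploaded HTML/SVG into script (XSS)
        <IfModule mod_headers.c>
            Header always set X-Content-Type-Options "nosniff"
        </IfModule>
    </Directory>
</VirtualHost>
```

After reloading, verify with a harmless marker file (e.g. a `test.php` containing only `<?php echo "ran";`) placed in each directory: the first must return 403 and the second must be refused rather than executed.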