ProjeQtOr free project management software - Security improvements - ProjeQtOr

Security improvements

18 Oct 2013 15:08 #1 by caccia
Security improvements was created by caccia
Hello Babynus,

I noticed a Ticket#1201 mentioning some improvements against vulnerabilities.
If it helps, I had someone here take a look at what could be improved, and this is what he came up with:
- SQL injection attacks --> treated in ticket#1201
- XSS attacks --> treated in ticket#1201
- CSRF attacks --> maybe also included in ticket#1201 ?
- Restricting execution of uploaded files (e.g. php files)
- Encryption of transmitted logins/passwords

In any case, thanks for the coming improvements! (can't wait to see what V4 looks like, by the way... :cheer: )

18 Oct 2013 16:31 #2 by babynus
Replied by babynus on topic Security improvements
Hi,

Security leaks have been fixed corresponding to some identified threats.
If you have some examples of leaks, please send them to [e-mail address protected from spambots].
I'll check if they are all fixed in V4.0.

About restricting execution of uploaded files (e.g. php files), this leak can only be solved by configuration, corresponding to recommendations: set up file attachment directories (for attachments, documents) out of PHP scope.

Encryption of login/passwords : password is already encrypted.
Best way to strengthen this is to set the application in SSL (https).

Babynus
Administrator of ProjeQtOr web site
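
The configuration point in the reply above (attachment and document directories kept out of PHP scope) can be checked on the server. This is an added example, not part of the thread or of ProjeQtOr's code; it assumes a POSIX host, and the directory layout built in `demo()` is constructed.

```python
import os
import tempfile


def is_inside(path, root):
    """True if path resolves (symlinks followed) to root or somewhere below it."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    # commonpath compares whole components, so /srv/wwwdata is not "inside" /srv/www
    return os.path.commonpath([path, root]) == root


def links_into(web_root, target):
    """Symlinks under web_root that resolve into target and so re-expose it."""
    hits = []
    for base, dirs, files in os.walk(web_root):  # does not descend into symlinked dirs
        for name in dirs + files:
            entry = os.path.join(base, name)
            if os.path.islink(entry) and is_inside(entry, target):
                hits.append(entry)
    return hits


def audit(web_root, upload_dirs):
    """Return (directory, problem) pairs; an empty list means nothing is served."""
    findings = []
    for d in upload_dirs:
        if is_inside(d, web_root):
            findings.append((d, "inside web root"))
        for link in links_into(web_root, d):
            findings.append((d, "reachable through symlink " + link))
    return findings


def demo():
    """Constructed layout: one dir under the web root, one outside but linked, one clean."""
    top = tempfile.mkdtemp()
    web = os.path.join(top, "www")
    bad = os.path.join(web, "files", "attach")
    linked = os.path.join(top, "data", "documents")
    good = os.path.join(top, "data", "attach")
    for d in (bad, linked, good):
        os.makedirs(d)
    os.symlink(linked, os.path.join(web, "docs"))
    return audit(web, [bad, linked, good]), (bad, linked, good)


if __name__ == "__main__":
    for directory, problem in demo()[0]:
        print(directory, "->", problem)
```

The check reads only the filesystem: a web server mapping such as an Apache `Alias` can still publish a directory that lies outside the document root, so the server configuration needs its own review.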
