www.cendio.com
Bug 4853 - security audit of the HTML client
Status: CLOSED FIXED
Product: ThinLinc
Component: Web Access
Version: trunk
Platform: PC Unknown
Importance: P2 Normal
Target Milestone: 4.3.0
: 4615
Reported: 2013-10-16 13:39 by
Modified: 2014-10-06 15:49 (History)

Description From cendio 2013-10-16 13:39:58
Now that we will be exposing our tlstunnel/webserver code to the evils of the
unfiltered internet, we probably need to have a more rigorous look through the
code to make sure we don't have any obvious security issues. We should also
make sure that it is properly robust against various denial of service attacks.
------- Comment #1 From cendio 2014-04-08 09:47:18 -------
We need to validate input we get from the browser and from the user. Some of
this work has been done as part of bug 4840 but a more thorough look is needed.
------- Comment #2 From cendio 2014-09-19 13:09:15 -------
I've opened new bugs for all issues I've found, but I could find no more in the
time spent on this bug. I've created bug 5263 about mitigating denial of
service attacks.
------- Comment #3 From cendio 2014-09-19 13:09:54 -------
Since all issues got reported as new bugs, there is nothing to test on this
bug. Closing.