cocoon-dev mailing list archives

From "Pier Fumagalli (JIRA)" <j...@apache.org>
Subject [jira] Updated: (COCOON-487) SQL Injection Vulnerability in DatabaseAuthenticatorAction
Date Tue, 25 Oct 2005 13:22:08 GMT
     [ http://issues.apache.org/jira/browse/COCOON-487?page=all ]

Pier Fumagalli updated COCOON-487:
----------------------------------

    Assign To: Torsten Curdt  (was: Torsten Curdt)

> SQL Injection Vulnerability in DatabaseAuthenticatorAction
> ----------------------------------------------------------
>
>          Key: COCOON-487
>          URL: http://issues.apache.org/jira/browse/COCOON-487
>      Project: Cocoon
>         Type: Bug
>   Components: * Cocoon Core
>     Versions: 2.0.5-dev (Current CVS)
>  Environment: Operating System: All
> Platform: All
>     Reporter: Geoff Howard
>     Assignee: Torsten Curdt

>
> The code (in head as well as 2.0.3) is dynamically building an SQL select
> statement, does not use PreparedStatement, and does no input validation. The
> exploit is easily reproducible by entering a string such as
> Donald Ball'; DROP TABLE employee;
> as the user name in the form at /samples/protected/login. The vulnerability of
> course is not limited to the example, but would apply to anyone using
> DatabaseAuthenticatorAction.
> SOLUTION:
> Use PreparedStatement. The code seems to be largely based on
> DatabaseSelectAction, which uses PreparedStatement. Is it a reasonable solution
> to make DatabaseAuthenticatorAction extend DatabaseSelectAction, call
> super.act() and introduce only the extra functionality needed? Unfortunately, I
> am unable to work on this at the moment.
> Geoff Howard

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
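As an added illustration (not code from Cocoon or from the report above), the dynamic string-concatenation pattern the report describes is shown beside the PreparedStatement form it proposes as the fix. The table name `employee` comes from the report; its columns `name` and `password`, and the class and method names, are assumptions for this example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/**
 * Added example, not Cocoon code. Assumes a hypothetical "employee" table
 * with "name" and "password" columns (the report names only the table).
 */
public class AuthQueryExample {

    /** The pattern the report describes: user input is spliced into the SQL text. */
    static String buildVulnerableSql(String userName, String password) {
        // A single quote inside userName terminates the string literal, so the
        // remainder of the input is parsed by the database as SQL, not as data.
        return "SELECT name FROM employee WHERE name = '" + userName
             + "' AND password = '" + password + "'";
    }

    /** The fix the report proposes: a PreparedStatement with bound parameters. */
    static boolean authenticate(Connection conn, String userName, String password)
            throws SQLException {
        // The SQL text is fixed at compile time; values are bound separately and
        // never re-parsed as part of the statement, so quotes stay literal data.
        String sql = "SELECT name FROM employee WHERE name = ? AND password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, userName);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();   // true if a matching row exists
            }
        }
    }

    public static void main(String[] args) {
        // The user name from the report, used here only to show how the
        // concatenated query text is altered by the embedded quote.
        String input = "Donald Ball'; DROP TABLE employee;";
        System.out.println(buildVulnerableSql(input, "secret"));
    }
}
```

With the report's input, `buildVulnerableSql` yields `SELECT name FROM employee WHERE name = 'Donald Ball'; DROP TABLE employee;' AND password = 'secret'`, whereas `authenticate` sends the same input to the driver as a bound parameter value for `name`.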

