OECGI Security? (OpenInsight 32-Bit)
At 13 JUN 2003 08:59:21AM Bertil Strom wrote:
How do we prevent the web user from accessing repository entities and executing arbitrary INET-functions?
We would like to do now what we did in Inet_Security with the oicgi.
In oicgi we had a problem with buffer overflows potentially enabling a hacker to execute arbitrary commands. Is this issue resolved?
Thanks in advance!
Regards, Bertil
At 13 JUN 2003 09:16AM The Sprezzatura Group (http://www.sprezzatura.com) wrote:
How do we prevent the web user from accessing repository entities and executing arbitrary INET-functions? We would like to do now what we did in Inet_Security with the oicgi.
This should work exactly the same as OICGI. There should be no changes needed to your code in that respect.
In oicgi we had a problem with buffer overflows potentially enabling a hacker to execute arbitrary commands. Is this issue resolved?
As OECGI and OICGI do not share the same code base then I imagine that particular issue will no longer be there. Have you tested OECGI in the same way as you tested OICGI to determine if there are any faults?
World leaders in all things RevSoft
At 16 JUN 2003 04:04PM Bertil Strom wrote:
Thanks, I wasn't aware of the sysenv issue needed to recompile inet_security. Regarding the 'buffer-overflow' I will have the Oecgi evaluated the same way.
Bertil
At 16 JUN 2003 04:44PM Pat McNerthney wrote:
Bertil,
I just gave the OECGI code a quick review and do not believe that there are any buffer overflow problems. Let me know if you find any and I promise to have it resolved ASAP.
Pat
At 14 AUG 2003 08:30AM Bertil Strom wrote:
Pat,
For your knowledge, we've just had an independent security analysis of our website and they could not find any buffer-overflow or similar problem.
Thanks
Bertil