Hi
a couple of weeks ago, we asked about this kind of vulnerability in
this message
http://dspace.2283337.n4.nabble.com/SQL-injection-attacks-td4673013.html
We were notified by our governmental IT security agency about the
recurrence of this attack (apparently without success) on one of the
DSpace installations that our company supports.
We asked for an update of
http://dspace.2283337.n4.nabble.com/Dspace-tech-DSpace-and-Cross-site-scripting-SQL-Injection-attack-vulnerabilities-td3276960.html,
but we didn't consider filing a JIRA report since the attacks were
unsuccessful.
Regards
On 30/05/2014 13:01, Pottinger, Hardy J. wrote:
Hi, before this conversation goes any further, we have a system to deal with
bug reports, and we take them very seriously. Please submit a detailed bug
report, including steps to reproduce the error, to
https://jira.duraspace.org/browse/DS
Thanks!
PS, I would be very surprised if any JDBC-based webapp ever contained an SQL
injection error, as there is very good protection from that in those libraries.
Sent from my NOOK
Koh Kim Boon <koh_kim_b...@sp.edu.sg> wrote:
Hi
As we are a government related agency, our IT agency does a regular
security scan to check for weaknesses or vulnerabilities.
*/Koh Kim Boon/*
*Department of Information and Digital Technology (Library Solutions)*
500 Dover Road, Singapore 139651
_DID: 67721129_
Tel: 67721160
Fax: 61121969
Email: koh_kim_b...@sp.edu.sg <mailto:koh_kim_b...@sp.edu.sg>
*From:* Hilton Gibson [mailto:hilton.gib...@gmail.com]
*Sent:* Friday, 30 May 2014 4:10 PM
*To:* Koh Kim Boon
*Cc:* dspace-tech@lists.sourceforge.net
*Subject:* Re: [Dspace-tech] Security vulnerability - Blind SQL injection
On 30 May 2014 03:32, Koh Kim Boon <koh_kim_b...@sp.edu.sg
<mailto:koh_kim_b...@sp.edu.sg>> wrote:
Recently my DSpace server had a security scan and one of the
vulnerabilities listed is blind SQL injection.
Hi Koh
Can you tell us exactly the nature of the "security scan"?
Thanks.
*Hilton Gibson*
Ubuntu Linux Systems Administrator
JS Gericke Library
Room 1025D
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa
Tel: +27 21 808 4100 | Cell: +27 84 646 4758
http://scholar.sun.ac.za
http://bit.ly/goodir
http://library.sun.ac.za
http://za.linkedin.com/in/hiltongibson
_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette