[jira] Commented: (OFBIZ-2729) special security should be required for setting passwords

2010-03-14 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-2729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12845063#action_12845063 ] Michele Orru commented on OFBIZ-2729: - Hi Jacques, I'm too much busy on multiple

[jira] Commented: (OFBIZ-2729) special security should be required for setting passwords

2009-07-14 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-2729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12730994#action_12730994 ] Michele Orru commented on OFBIZ-2729: - As I've specified in SF thread, and as Si

[jira] Commented: (OFBIZ-2135) Dojo html editor problems

2009-05-11 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-2135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12708113#action_12708113 ] Michele Orru commented on OFBIZ-2135: - Everything works fine both on mac OS X leopard

[jira] Commented: (OFBIZ-2135) Dojo html editor problems

2009-05-10 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-2135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12707844#action_12707844 ] Michele Orru commented on OFBIZ-2135: - Hi Jacques Tomorrow morning I will check it (on

[jira] Updated: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2009-04-18 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michele Orru updated OFBIZ-1959: Hi I had a bit of time this morning to check XSRF mitigation on ofbiz latest trunk revision

[jira] Updated: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2009-04-17 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michele Orru updated OFBIZ-1959: Hi developers. As asked by Jacques a few days ago, I did a pen test on the latest ofbiz trunk and I

[jira] Commented: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2009-02-23 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12675948#action_12675948 ] Michele Orru commented on OFBIZ-1959: - Hi David, Hi Jacques Here I've found another

[jira] Issue Comment Edited: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2009-02-23 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12675948#action_12675948 ] euronymous edited comment on OFBIZ-1959 at 2/23/09 7:40 AM: --

[jira] Issue Comment Edited: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2009-02-23 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12675948#action_12675948 ] euronymous edited comment on OFBIZ-1959 at 2/23/09 7:48 AM: --

[jira] Commented: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2009-02-23 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12675958#action_12675958 ] Michele Orru commented on OFBIZ-1959: - Anyway...The hackathon idea is not bad! I really

[jira] Commented: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2009-02-19 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12675037#action_12675037 ] Michele Orru commented on OFBIZ-1959: - Hi Jacques. The steps are easy: 1. log in to

[jira] Issue Comment Edited: (OFBIZ-2194) Password visible in URL query string hidden parameter (pre/post auth)

2009-02-18 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-2194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12674546#action_12674546 ] euronymous edited comment on OFBIZ-2194 at 2/18/09 1:29 AM: --

[jira] Commented: (OFBIZ-2194) Password visible in URL query string hidden parameter (pre/post auth)

2009-02-18 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-2194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12674546#action_12674546 ] Michele Orru commented on OFBIZ-2194: - Hi David Yes you're right. I'm sorry but I was

[jira] Resolved: (OFBIZ-2194) Password visible in URL query string hidden parameter (pre/post auth)

2009-02-18 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-2194?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Michele Orru resolved OFBIZ-2194. - Resolution: Fixed Confirmed fixed in rev. 742352 Password visible in URL query string hidden

[jira] Issue Comment Edited: (OFBIZ-2194) Password visible in URL query string hidden parameter (pre/post auth)

2009-02-18 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-2194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12674547#action_12674547 ] euronymous edited comment on OFBIZ-2194 at 2/18/09 1:35 AM: --

[jira] Commented: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2009-02-18 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12674572#action_12674572 ] Michele Orru commented on OFBIZ-1959: - Hi David, Hi Jacques. I'm analyzing your patches

[jira] Issue Comment Edited: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2009-02-18 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12674572#action_12674572 ] euronymous edited comment on OFBIZ-1959 at 2/18/09 3:14 AM: --

[jira] Commented: (OFBIZ-2135) Dojo html editor problems

2009-02-18 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-2135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12674643#action_12674643 ] Michele Orru commented on OFBIZ-2135: - Mhh good question Jacques... well...If you're

[jira] Created: (OFBIZ-2194) Password visible in URL query string hidden parameter (pre/post auth)

2009-02-17 Thread Michele Orru (JIRA)
Password visible in URL query string hidden parameter (pre/post auth) --- Key: OFBIZ-2194 URL: https://issues.apache.org/jira/browse/OFBIZ-2194 Project: OFBiz Issue Type:

[jira] Commented: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2009-02-16 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12674013#action_12674013 ] Michele Orru commented on OFBIZ-1959: - Hi Jacques Sorry to come here in the discussion

[jira] Created: (OFBIZ-2135) Dojo html editor problems

2009-01-21 Thread Michele Orru (JIRA)
Dojo html editor problems - Key: OFBIZ-2135 URL: https://issues.apache.org/jira/browse/OFBIZ-2135 Project: OFBiz Issue Type: Bug Components: content Affects Versions: SVN trunk Environment:

[jira] Created: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2008-09-14 Thread Michele Orru (JIRA)
Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation Key: OFBIZ-1959 URL: https://issues.apache.org/jira/browse/OFBIZ-1959 Project:

[jira] Commented: (OFBIZ-1959) Multiple Security Issues (XSRF, XSS, Session Hijacking): exploitation and mitigation

2008-09-14 Thread Michele Orru (JIRA)
[ https://issues.apache.org/jira/browse/OFBIZ-1959?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=12630879#action_12630879 ] Michele Orru commented on OFBIZ-1959: - Of course I tested all of them on Ofbiz, and the