[ http://issues.apache.org/jira/browse/COCOON-487?page=all ]
Pier Fumagalli updated COCOON-487:
----------------------------------
Assign To: Torsten Curdt (was: Torsten Curdt)
> SQL Injection Vulnerability in DatabaseAuthenticatorAction
> ----------------------------------------------------------
>
> Key: COCOON-487
> URL: http://issues.apache.org/jira/browse/COCOON-487
> Project: Cocoon
> Type: Bug
> Components: * Cocoon Core
> Versions: 2.0.5-dev (Current CVS)
> Environment: Operating System: All
> Platform: All
> Reporter: Geoff Howard
> Assignee: Torsten Curdt
>
> The code (in head as well as 2.0.3) is dynamically building an SQL select
> statement, does not use PreparedStatement, and does no input validation. The
> exploit is easily reproducible by entering a string such as
> Donald Ball'; DROP TABLE employee;
> as the user name in the form at /samples/protected/login. The vulnerability of
> course is not limited to the example, but would apply to anyone using
> DatabaseAuthenticatorAction.
> SOLUTION:
> Use PreparedStatement. The code seems to be largely based on
> DatabaseSelectAction which uses PreparedStatement. Is it a reasonable solution
> to make DatabaseAuthenticatorAction extend DatabaseSelectAction, call
> super.act() and introduce only the extra functionality needed? Unfortunately, I am
> unable to work on this at the moment.
> Geoff Howard
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira