Anyone have any feedback on what might be expected from me to address the
fact that Mason is using Perl Storable objects?
On Tue, Jan 31, 2017 at 11:05 AM, Hiram Gibbard <hgibb...@gmail.com> wrote:
> Hi All, This may not be a Mason issue, but I have a security report
> stating the following:
>
> "Your app no longer uses any of the Perl Storable Object cookies (cn, dn,
> changetoken) to keep state or perform authentication actions. However, the
> underlying Perl Mason application framework will still process the data in
> these cookies as Storable objects if they are included in user requests.
> As a result, it is still possible to trigger exploitation."
>
> *Remediation:* Do not process any cookies in user requests as Perl
> Storable objects.
>
>
> Looking for any guidance, clarity, or theories on the statement (high
> level of just where to look or what is it I might look for in the code).
> This application was written a long time ago by someone else, and I'm just
> trying to keep it running.
>
>
> Thanks in advance,
>
>
>
> --
> Hiram Gibbard
> hgibb...@gmail.com
> http://hiramgibbard.com
>
>
--
Hiram Gibbard
hgibb...@gmail.com
http://hiramgibbard.com
_______________________________________________
Mason-users mailing list
Mason-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mason-users
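
One way to approach the "where to look" question in the thread above, as an added example that is not part of the original messages and is not Mason or application code: a small audit script that walks a Perl/Mason source tree and lists lines that import Storable, call its deserialization functions (`thaw`, `retrieve`, `fd_retrieve`), or reference the cookie names from the report. The file extensions and the sample snippet are constructed assumptions; `autohandler` and `dhandler` are Mason's conventional handler file names.

```python
import re
import sys
from pathlib import Path

PATTERNS = [
    ("import", re.compile(r"^\s*(?:use|require)\s+Storable\b")),
    # Storable's deserialization entry points, called with "(" or a "$var".
    ("deserialize",
     re.compile(r"\b(?:Storable::)?(?:thaw|retrieve|fd_retrieve)\b\s*[($]")),
    # Cookie names taken from the security report quoted in the thread.
    ("cookie", re.compile(r"""['"](?:cn|dn|changetoken)['"]""")),
]
EXTENSIONS = {".pl", ".pm", ".cgi", ".html", ".mas", ".mhtml"}  # assumed
HANDLERS = {"autohandler", "dhandler"}  # extensionless Mason components

# Constructed sample of the kind of code the audit is meant to surface.
SAMPLE = '''\
use Storable qw(thaw);
use MIME::Base64;
# thaw() used to be called in the login page
my %c = CGI::Cookie->fetch;
my $state = thaw(decode_base64($c{'changetoken'}->value));
'''

def scan_text(text):
    """Return (line_no, kind, source_line) findings for one file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # skip whole-line Perl comments
        for kind, pattern in PATTERNS:
            if pattern.search(line):
                findings.append((no, kind, line.strip()))
    return findings

def priority(findings):
    """Files that both deserialize and touch the named cookies come first."""
    kinds = {kind for _, kind, _ in findings}
    if {"deserialize", "cookie"} <= kinds:
        return "high"
    return "medium" if "deserialize" in kinds else "low"

def scan_tree(root):
    """Map each matching source file under root to its findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (path.suffix in EXTENSIONS or path.name in HANDLERS):
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(priority(hits), name, [(no, kind) for no, kind, _ in hits])
```

Installed CPAN modules under the Perl library path can be scanned the same way by passing that directory as the argument, since the deserialization may happen in a dependency rather than in the application's own components.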