----- On 29 Mar 2017, at 16:22, Hiram Gibbard <hgibb...@gmail.com> wrote:
> Anyone have any feedback on what might be expected from me to address the fact
> that Mason is using Perl Storable objects?
> On Tue, Jan 31, 2017 at 11:05 AM, Hiram Gibbard < hgibb...@gmail.com > wrote:
>> Hi All, This may not be a Mason issue, but I have a security report stating
>> the following:
>> "Your app no longer use any of the Perl Storable Object cookies (cn, dn,
>> changetoken) to keep state or perform authentication actions. However, the
>> underlying Perl Mason application framework will still process the data in
>> these cookies as Storable objects if they are included in user requests. As a
>> result, it is still possible to trigger exploitation."
>> Remediation: Do not process any cookies in user requests as Perl Storable
>> objects.
>> Looking for any guidance, clarity, or theories on the statement (high level
>> of just where to look or what is it I might look for in the code). This
>> application was written a long time ago by someone else, and I'm just trying
>> to keep it running.
On the Internet I do not find any trace of this notification in order to
understand what is meant by "Perl Storable Object cookies".
What is the source of the alert?
___
gdo
_______________________________________________
Mason-users mailing list
Mason-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mason-users
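
One way to follow the report's remediation ("do not process any cookies in user requests as Perl Storable objects"), as an added example that is not part of the original thread and is not Mason's or the application's code. The `thaw` call shape in the comment, the `COOKIE_HMAC_KEY` variable, the function names and the sample values are assumptions made for illustration; the thread does not show the actual cookie-handling code.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use JSON::PP ();
use MIME::Base64 qw(encode_base64url decode_base64url);

# Call shape to search the code base for (assumed, not taken from the thread):
#   my $state = Storable::thaw(decode_base64($cookie_value));
# Storable can instantiate blessed objects from whatever bytes it is given,
# so request data must never reach thaw().

# Assumption: a server-side secret supplied through the environment.
my $SECRET = $ENV{COOKIE_HMAC_KEY} // 'constructed-demo-key';
my $JSON   = JSON::PP->new->canonical->utf8;

# Serialize plain data as JSON and append an HMAC so tampering is detectable.
sub encode_cookie {
    my ($data) = @_;
    my $body = encode_base64url($JSON->encode($data));
    return $body . '.' . hmac_sha256_hex($body, $SECRET);
}

# Return the decoded hash ref, or nothing if the cookie is malformed,
# unsigned, or carries a wrong signature.
sub decode_cookie {
    my ($value) = @_;
    return unless defined $value
        && $value =~ /\A([A-Za-z0-9_-]+)\.([0-9a-f]{64})\z/;
    my ($body, $mac) = ($1, $2);
    my $expected = hmac_sha256_hex($body, $SECRET);
    # Constant-time comparison of two 64-character hex strings.
    my $diff = 0;
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1)) for 0 .. 63;
    return if $diff;
    my $data = eval { $JSON->decode(decode_base64url($body)) };
    return ref($data) eq 'HASH' ? $data : ();
}

# Constructed sample values.
my $cookie = encode_cookie({ cn => 'Example User', changetoken => 'abc123' });
my $ok     = decode_cookie($cookie);
print "valid cookie cn: $ok->{cn}\n";
(my $tampered = $cookie) =~ s/\A./X/;
print "tampered cookie rejected\n"      unless decode_cookie($tampered);
print "legacy Storable blob rejected\n" unless decode_cookie('pst0AAAA');
```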