[ 
http://mifosforge.jira.com/browse/MIFOS-2531?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Van Mittal-Henkle updated MIFOS-2531:
-------------------------------------

    Priority: Minor  (was: Major)

Lowering priority since users with file upload permissions are trusted.


> :Security enhancement for Unrestricted File Uploads
> ---------------------------------------------------
>
>                 Key: MIFOS-2531
>                 URL: http://mifosforge.jira.com/browse/MIFOS-2531
>             Project: mifos
>          Issue Type: Bug
>          Components: Technical Discussion
>    Affects Versions: Release 1.4
>         Environment: Platform: All, OS: All
>            Reporter: ejrenaud
>            Assignee: mifosdeveloperqueue
>             Fix For: Gazelle Backlog
>
>
> Summary :Security enhancement for Unrestricted File Uploads
> Description: There is a need for a better and more secure file validation
> mechanism in file uploading modules in order to avoid any vulnerability
> related to unrestricted file uploads. The user policies take care of security
> for these modules because the users given the permission for upload are
> trusted.
> There can be enhanced logging in these areas to have a record of what file has
> been uploaded by whom.
> http://cwe.mitre.org/data/definitions/434.html
> http://shsc.info/FileUploadSecurity

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://mifosforge.jira.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
