[
http://mifosforge.jira.com/browse/MIFOS-2531?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Udai Gupta updated MIFOS-2531:
------------------------------
Reporter: Udai Gupta (was: ejrenaud)
Summary: Security enhancement for Unrestricted File Uploads (was:
:Security enhancement for Unrestricted File Uploads)
> Security enhancement for Unrestricted File Uploads
> --------------------------------------------------
>
> Key: MIFOS-2531
> URL: http://mifosforge.jira.com/browse/MIFOS-2531
> Project: mifos
> Issue Type: Bug
> Components: Technical Discussion
> Affects Versions: Release 1.4
> Environment: Platform: All, OS: All
> Reporter: Udai Gupta
> Assignee: mifosdeveloperqueue
> Fix For: Gazelle Backlog
>
>
> Summary :Security enhancement for Unrestricted File Uploads
> Description: There is a need of better and more secure file validation
> mechanism
> in file uploading modules In order to avoid any vulnerability related to
> unrestricted file uploads. The user policies takes care for security for these
> modules because the permission for upload given to users for upload are
> trusted.
> There can be enhanced logging in these area to have record for what file has
> been uploaded by whom.
> http://cwe.mitre.org/data/definitions/434.html
> http://shsc.info/FileUploadSecurity
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://mifosforge.jira.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
_______________________________________________
Mifos-issues mailing list
Mifos-issues@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mifos-issues
