[
http://mifosforge.jira.com/browse/MIFOS-2531?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
keithwoodlock updated MIFOS-2531:
---------------------------------
Fix Version/s: (was: Mifos Backlog)
Unscheduled
> Security enhancement for Unrestricted File Uploads
> --------------------------------------------------
>
> Key: MIFOS-2531
> URL: http://mifosforge.jira.com/browse/MIFOS-2531
> Project: mifos
> Issue Type: Improvement
> Components: Technical Discussion
> Affects Versions: Release 1.4
> Environment: Platform: All, OS: All
> Reporter: Udai Gupta
> Assignee: mifosdeveloperqueue
> Fix For: Unscheduled
>
>
> Summary :Security enhancement for Unrestricted File Uploads
> Description: There is a need of better and more secure file validation
> mechanism
> in file uploading modules In order to avoid any vulnerability related to
> unrestricted file uploads. The user policies takes care for security for these
> modules because the permission for upload given to users for upload are
> trusted.
> There can be enhanced logging in these area to have record for what file has
> been uploaded by whom.
> http://cwe.mitre.org/data/definitions/434.html
> http://shsc.info/FileUploadSecurity
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
What Every C/C++ and Fortran developer Should Know!
Read this article and learn how Intel has extended the reach of its
next-generation tools to help Windows* and Linux* C/C++ and Fortran
developers boost performance applications - including clusters.
http://p.sf.net/sfu/intel-dev2devmay
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
