Hello, I've read somewhere that there were some possibilities of cross-site scripting with older OpenCA versions. If this is the case, some malicious code could be introduced. I would like to know if this problem is still existing with 0.9.3 version?
A solution to avoid this could be to make the RA also offline. Isn't it ? (In this case, the request of the certificates for the client will be executed by an administrator of the PKI, after having received client's data via mail for example.) I'm trying to build the most safety PKI possible, so thank you in advance for your answers!! Best regards Sam -- View this message in context: http://www.nabble.com/Cross-site-scripting-tf4683975.html#a13384532 Sent from the openca-users mailing list archive at Nabble.com. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
