2014-01-29 Eric Reed :
> Security has, and should be an open arrangement between developers and
> the clients for which they develop code.
>
> This relationship is as follows:
>
> 1. I detect an exploit in YOUR code.
>
> 2. I inform you of the exploit along with a proof of concept.
>
> 3. I give yo
2014-01-29 Manuel López Blasi :
> Thanks again Lukasz,
>
> for question 1) Security issues: can you recommend some
> modifications/actions/alterations in maybe certain
> parts of the code, any advice on weak points we can focus in regardings
> security issues?
You must implement custom authenticat
Security has, and should be an open arrangement between developers and
the clients for which they develop code.
This relationship is as follows:
1. I detect an exploit in YOUR code.
2. I inform you of the exploit along with a proof of concept.
3. I give you time to release a patch and notify
Thanks again Lukasz,
for question 1) Security issues: can you recommend some
modifications/actions/alterations in maybe certain
parts of the code, any advice on weak points we can focus in regardings
security issues?
for question 2)Prepare interceptor: So there's no way of remove the
"prepa
2014-01-29 Manuel López Blasi :
> 1) Having the action.prefix enabled there's no intereference in the
> securyity fixes introduced in the last versions, it should be all fully
> working isn't it?
> We have Dynamic Method Invocation disabled.
No, action: prefix can be dangerous but it depends on se
Lukasz ,
first of all thanks a lot for this hint, that is what was causing the
submit buttons not to respond in the way i was expecting,
it now fires up the method specified in the action attribute. It saved
us a lot of work not to say that we were about to ditch the upgrade
completely.
I ha
6 matches
Mail list logo
