|
If you were logged in you would be able to see more operations.
|
|
|
OpenLaszlo
Created: 20/Feb/07 06:43 PM
Updated: 06/Mar/07 04:51 PM
|
|
| Component/s: |
Server - Data Transport
|
| Affects Version/s: |
3.1 (aka Denver),
3.0,
3.0.2,
3.2 (Sage),
3.1.1 (aka Quill),
ETech,
Legals PR1,
3.3,
Legals PR2,
3.3.1,
3.4,
3.3.2,
3.3.3,
OL4B1,
Legals PR4,
Legals PR3,
4.0.0
|
| Fix Version/s: |
4.0.0
|
|
| Severity: |
Minor
|
| Fixed in Change#: |
4,008
|
| Runtime: |
N/A
|
| Fix in hand: |
False
|
Mark Davis says:
I've been able to verify that the deny feature of proxied requests is
broken in trunk.
test procedure here:
http://wiki.openlaszlo.org/Blacklist_/_Whitelist_Tests
Then:
As for the security regression, I have finally reproduced the correct
behavior.
in 2.0
Now I need to figure out what test we were using to verify the feature.
The test I remember running was using dataimage2.lzx and had a specific
load failure built in, but that was a whitelisted app which might have
different behavior. By using Amazon.lzx and the deny feature, I have
verified that it became broken between 2.0 and 2.2.
|
|
Description
|
Mark Davis says:
I've been able to verify that the deny feature of proxied requests is
broken in trunk.
test procedure here:
http://wiki.openlaszlo.org/Blacklist_/_Whitelist_Tests
Then:
As for the security regression, I have finally reproduced the correct
behavior.
in 2.0
Now I need to figure out what test we were using to verify the feature.
The test I remember running was using dataimage2.lzx and had a specific
load failure built in, but that was a whitelisted app which might have
different behavior. By using Amazon.lzx and the deny feature, I have
verified that it became broken between 2.0 and 2.2.
|
Show » |
|
Bug
Verified
P0
OL4- Serious Issue with proxy whitelist/blacklist feature