Webfrontend #720

Security audit

Added by Alexander Blum almost 3 years ago. Updated about 2 years ago.

Status: New
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Estimated time: 10.00 h
Target version: Repertoire 4) Production phase I

Description

Check

  • ACLs in
    • form controller
    • api
    • templates
  • usage of oid (and not id) in
    • form controller
    • apis
  • permissions in resources
  • handling of user input
    • in colander (data type, validator)
    • in form controller (where it is passed to tryton)
    • in api (where it is passed to tryton)
  • escaping of (user) data in tryton
  • escaping of (user) data in javascript
  • values of secrets (csrf, password salts, etc.)
  • logging of actions which change the db
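As an added illustration of the first three checks (ACLs, oid instead of id, permissions in resources), not code from the collecting_society project or from Pyramid itself: a simplified re-implementation of the Pyramid-style ACL walk those checks refer to, applied to records that a form controller or api resolves by an opaque oid rather than a sequential database id. The Root and Record classes, their ACL entries, the RECORDS store and the api_edit entry point are all assumed for the example.

```python
import uuid

# Pyramid-style ACL vocabulary (names only; this is not Pyramid's own policy).
Allow = "Allow"
Everyone = "system.Everyone"


class Root:
    """Hypothetical root resource carrying the site-wide ACL."""
    __parent__ = None
    __acl__ = [(Allow, "group:admins", ("view", "edit")),
               (Allow, Everyone, "view")]


class Record:
    """Hypothetical resource addressed by an opaque oid, never by its db id."""
    def __init__(self, parent, oid, owner, title):
        self.__parent__ = parent
        self.oid, self.owner, self.title = oid, owner, title

    @property
    def __acl__(self):
        # Only the owner gets "edit" here; everything else is inherited.
        return [(Allow, "user:%s" % self.owner, "edit")]


def lineage(resource):
    """Yield the resource and its parents up to the root."""
    while resource is not None:
        yield resource
        resource = getattr(resource, "__parent__", None)


def permits(context, principals, permission):
    """First matching ACE wins, walking from the context up to the root."""
    for resource in lineage(context):
        for action, principal, perms in getattr(resource, "__acl__", ()):
            if isinstance(perms, str):
                perms = (perms,)
            if principal in principals and permission in perms:
                return action == Allow
    return False  # nothing matched: deny by default


ROOT = Root()
RECORDS = {}  # constructed in-memory store keyed by oid


def add_record(owner, title):
    oid = uuid.uuid4().hex  # unguessable, unlike a sequential id
    RECORDS[oid] = Record(ROOT, oid, owner, title)
    return oid


def api_edit(oid, principals, new_title):
    """Entry point as a form controller or api would expose it."""
    record = RECORDS.get(oid)
    if record is None or not permits(record, principals, "edit"):
        return False  # unknown oid and missing permission answer alike
    record.title = new_title
    return True
```

Because lookup and authorisation both key on the oid, a caller cannot enumerate records by counting upwards, and an unknown oid is indistinguishable from a forbidden one.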

History

#1 Updated by Alexander Blum over 2 years ago

  • Estimated time set to 10.00

#2 Updated by Alexander Blum about 2 years ago

  • Target version changed from 4) Production phase I to Repertoire 4) Production phase I

#3 Updated by Alexander Blum about 2 years ago

  • Project changed from repertoire to collecting_society
