Webfrontend #720
Security audit
| Status: | New | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | - | Estimated time: | 10.00 h |
| Target version: | Repertoire 4) Production phase I | | |
Description
Check:

- ACLs in
  - form controller
  - api
  - templates
- usage of oid (and not id) in
  - form controller
  - apis
- permissions in resources
- handling of user input
  - in colander (data type, validator)
  - in form controller (where it is passed to tryton)
  - in api (where it is passed to tryton)
- escaping of (user) data in tryton
- escaping of (user) data in javascript
- values of secrets (csrf, password salts, etc.)
- logging of actions that change the db
History
#1 Updated by Alexander Blum about 4 years ago
- Estimated time set to 10.00
#2 Updated by Alexander Blum over 3 years ago
- Target version changed from 4) Production phase I to Repertoire 4) Production phase I
#3 Updated by Alexander Blum over 3 years ago
- Project changed from repertoire to collecting_society