Bug 4853 - security audit of the HTML client
Summary: security audit of the HTML client
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Access (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.3.0
Assignee: Karl Mikaelsson
Keywords: prosaic
Depends on:
Blocks: 4615
  Show dependency treegraph
Reported: 2013-10-16 13:39 CEST by Pierre Ossman
Modified: 2014-10-06 15:49 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:


Description Pierre Ossman cendio 2013-10-16 13:39:58 CEST
Now that we will be exposing our tlstunnel/webserver code to the evils of the unfiltered internet, we probably need to have a more rigorous look through the code to make sure we don't have any obvious security issues. We should also make sure that it is properly robust against various denial of service attacks.
Comment 1 Samuel Mannehed cendio 2014-04-08 09:47:18 CEST
We need to validate input we get from the browser and from the user. Some of this work has been done as part of bug 4840 but a more thorough look is needed.
Comment 2 Karl Mikaelsson cendio 2014-09-19 13:09:15 CEST
I've opened new bugs for all issues I've found, but I could find no more in the time spent on this bug. I've created bug 5263 about mitigating denial of service attacks.
Comment 3 Karl Mikaelsson cendio 2014-09-19 13:09:54 CEST
Since all issues got new reported as new bugs, there is nothing to test on this bug. Closing.

Note You need to log in before you can comment on or make changes to this bug.