Bug 4853 - security audit of the HTML client
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Web Access
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: 4.3.0
Assignee: Karl Mikaelsson
URL:
Keywords: prosaic
Depends on:
Blocks: 4615
Reported: 2013-10-16 13:39 CEST by Pierre Ossman
Modified: 2014-10-06 15:49 CEST

Description Pierre Ossman cendio 2013-10-16 13:39:58 CEST
Now that we will be exposing our tlstunnel/webserver code to the evils of the unfiltered internet, we probably need to have a more rigorous look through the code to make sure we don't have any obvious security issues. We should also make sure that it is properly robust against various denial of service attacks.
Comment 1 Samuel Mannehed cendio 2014-04-08 09:47:18 CEST
We need to validate input we get from the browser and from the user. Some of this work has been done as part of bug 4840 but a more thorough look is needed.
Comment 2 Karl Mikaelsson cendio 2014-09-19 13:09:15 CEST
I've opened new bugs for all issues I've found, but I could find no more in the time spent on this bug. I've created bug 5263 about mitigating denial of service attacks.
Comment 3 Karl Mikaelsson cendio 2014-09-19 13:09:54 CEST
Since all issues got reported as new bugs, there is nothing to test on this bug. Closing.