Ticket #262 (closed defect: fixed)
Validate username
| Reported by: | kmaclean | Owned by: | kmaclean |
|---|---|---|---|
| Priority: | major | Milestone: | SpeechSubmission 0.1 |
| Component: | SpeechSubmission | Version: | Website 0.2 |
| Keywords: | | Cc: | |
Description (last modified by kmaclean)
Need to validate username field to ensure that attacker cannot use buffer overflow type exploits on the username.
Need to test with spaces in username field, and odd characters ...
Create a max size for this variable: 25 alphanumeric characters only; truncate over 25, and remove any non-alphanumeric characters.
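One way to implement the rule in the description, as an added example that is not code from the ticket or from the SpeechSubmission project. It assumes Python, reads "alphanumeric" as ASCII letters and digits, and filters before truncating; the function names are hypothetical.

```python
import string

MAX_LEN = 25  # limit stated in the ticket
# Assumption: "alphanumeric" means ASCII letters and digits only.
# str.isalnum() is not used because it also accepts non-ASCII letters
# and digits such as U+0661 (ARABIC-INDIC DIGIT ONE).
_ALLOWED = frozenset(string.ascii_letters + string.digits)


def sanitize_username(raw):
    """Return (username, changed) following the ticket's rule.

    Filtering happens before truncation, so removed characters do not
    use up any of the 25 allowed positions.
    """
    if isinstance(raw, bytes):
        # Undecodable bytes become U+FFFD, which the filter then drops.
        raw = raw.decode("utf-8", errors="replace")
    cleaned = "".join(ch for ch in raw if ch in _ALLOWED)[:MAX_LEN]
    return cleaned, cleaned != raw


def validate_username(raw):
    """Sanitize, and reject input that has no usable characters left."""
    name, changed = sanitize_username(raw)
    if not name:
        raise ValueError("username has no alphanumeric characters")
    return name, changed


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the ticket.
    samples = ["kmaclean", "john smith", "a" * 300, "bob;../etc",
               "\u0661\u0662abc", b"\xff\xfeuser\x00name"]
    for s in samples:
        print(repr(s)[:40], "->", validate_username(s))
```

The `changed` flag lets the caller log or reject modified input instead of silently accepting it, since two different submissions can sanitize to the same username.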
Change History
comment:2 Changed 13 years ago by kmaclean
Image processing buffer overflow vulnerability in the Sun JDK: it uses native code for image parsing, and there is a buffer overflow vulnerability in the parser.
A buffer overflow vulnerability is a kind of security hole when an application can put its executable code or data behind the border (in memory) which the OS allocates for this application, including data. It results in a situation when code is placed outside of the permitted place in memory where it is allowed to do it. Look at affected versions and the solution below.
A buffer overflow vulnerability in the parser may allow an untrusted applet or application to elevate its privileges in the OS. For example, an applet may grant itself permissions to read and write local files. It can probably execute local applications that are accessible to the user running the untrusted applet.
comment:6 Changed 13 years ago by kmaclean
- Status changed from new to closed
- Resolution set to fixed
comment:7 Changed 13 years ago by root
- Milestone SpeechSubmission 0.1 deleted