bug #9220
adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability
Status:
Closed
Priority:
Highest
Assignee:
Category:
cdm-dataportal
Target version:
Start date:
09/07/2020
Due date:
% Done:
100%
Severity:
normal
Found in Version:
Description
A)
the registration page must be secured against CVE-2007-0450 by using an identifier
query parameter.
B)
after solving #9218: adapt dataportal to /registrationDTO & /registration now using identifier as query parameter
http://cdmserver.org/registrationDTO?identifier=http://testbank.org/100001 http://cdmserver.org/registration/status?identifier=http://testbank.org/100001
Related issues
Associated revisions
fix #9220 dataportal adapted to registration controllers now using identifier as query parameter
ref #9220 registratin page using query param 'identifier' to protect against CVE-2007-0450 vulnerability
ref #9220 adapting link creation to new registration page URL schema
ref #9220 adapting link creation to new registration page URL schema - adapting test
History
#1 Updated by Andreas Kohlbecker 6 months ago
- Related to bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters instead added
#2 Updated by Andreas Kohlbecker 6 months ago
- Status changed from New to Resolved
- % Done changed from 0 to 50
Applied in changeset cdm-dataportal|bd15166b63c77d27c4d30e3d9b881fc6f776b9a2.
#3 Updated by Andreas Kohlbecker 6 months ago
- Subject changed from adapt dataportal to /registrationDTO now using identifier as query parameter to adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability
- Description updated (diff)
#4 Updated by Andreas Kohlbecker 6 months ago
- Related to task #9219: Revert: requests with %2F in URL are rejected by apache added
#5 Updated by Andreas Kohlbecker 3 months ago
- Status changed from Resolved to Closed
- % Done changed from 50 to 100
#6 Updated by Andreas Kohlbecker about 2 months ago
- Related to bug #9383: Adapt apache configuration to modified dataportal registration page URL pattern added