Project

General

Profile

Actions
Copy link

bug #9220

closed

adapt dataportal to /registrationDTO now using identifier as query parameter and secure against CVE-2007-0450 vulnerability

Added by Andreas Kohlbecker over 3 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Highest
Assignee:
Andreas Kohlbecker
Category:
cdm-dataportal
Target version:
Release 5.18
Start date:
Due date:
% Done:

100%

Estimated time:
Severity:
normal
Found in Version:
Tags:
security phycobank

Description

A)
the registration page must be secured against CVE-2007-0450 by using an identifier query parameter.

B)
after solving #9218: adapt dataportal to /registrationDTO & /registration now using identifier as query parameter

http://cdmserver.org/registrationDTO?identifier=http://testbank.org/100001
http://cdmserver.org/registration/status?identifier=http://testbank.org/100001

Related issues

Related to EDIT - bug #9218: Change /registrationDTO/identifier/... signatures to use query parameters insteadClosedAndreas Kohlbecker

Actions
Related to EDIT - task #9219: Revert: requests with %2F in URL are rejected by apache NewAndreas Kohlbecker

Actions
Related to EDIT - bug #9383: Adapt apache configuration to modified dataportal registration page URL patternClosedAndreas Kohlbecker

Actions
Actions
Copy link

Also available in: Atom PDF