
Ticket #533 (new bug)

Opened 4 months ago

Last modified 2 months ago

XML dump when an error occurs is too verbose

Reported by: jeanyves
Assigned to:
Priority: critical
Milestone: Rox Framework, Upgrade
Component: FrameWork
Version: all
Keywords: password XML security
Cc: lemon-head, steinwinde
Follow up needed: test
Frequently reported: 1
Announce on BW: 0

Description

The problem is that some passwords (database, and even some user ones) can be displayed in it.

Since it is mainly for the user's eyes, this is not a big risk for the user himself, but we have had a case where such a report (by a user who copy-pasted the error message) finally arrived in the BV forum. This allowed any reader of the BV Forum to read the username and the password of the user!

This needs to be fixed (find a way to avoid displaying password content in these XML error dumps).

In addition: this shows that the BV Volunteer forum is something which is for volunteers and not for anonymous visitors, because various cases with very sensitive information can be reported here.

Change History

04/22/08 12:11:04 changed by lemon-head

  • milestone changed from 0.1.5 - short - xxx to Rox Framework, Upgrade.

I set the milestone to "Rox Framework, Upgrade" because the basic new framework stuff will work quite well without an improved error display. This means, a solution for this problem can be moved online any time after the basic framework stuff is on production.

In general I totally agree with the request! And even for test.bw, the XML error page is totally annoying, as it mixes with the html and makes the browser complain about invalid XML.

07/04/08 14:55:15 changed by guaka

  • cc changed from lemon-head steinewinde to lemon-head, steinwinde.
  • follow_up changed from none to test.
  • summary changed from XML dump when an error occurs is to verbose to XML dump when an error occurs is too verbose.
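
One way to approach the fix requested in this ticket, as an added example that is not part of the ticket or the project's own code: mask secrets in the error context before it is serialized to XML. It assumes the dump is built from nested request and configuration data; the key patterns, function names and sample values are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Key names treated as secret (assumed list; extend it for the application).
SENSITIVE_KEY = re.compile(r"pass(word|wd)?|pwd|secret|token", re.IGNORECASE)
# Credentials embedded in connection URLs such as scheme://user:secret@host.
URL_CREDENTIALS = re.compile(r"(\w+://[^:/@\s]+:)[^@\s]+(@)")
MASK = "[REDACTED]"

def redact(value, key=""):
    """Return a copy of value with secrets masked; the input is not modified."""
    if SENSITIVE_KEY.search(key):
        return MASK  # mask the whole value, whatever its type
    if isinstance(value, dict):
        return {k: redact(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [redact(v, key) for v in value]
    if isinstance(value, str):
        return URL_CREDENTIALS.sub(r"\1" + MASK + r"\2", value)
    return value

def build_element(tag, value):
    """Convert (already redacted) nested data into an XML element."""
    node = ET.Element(tag)
    if isinstance(value, dict):
        for k, v in value.items():
            node.append(build_element(str(k), v))
    elif isinstance(value, list):
        for item in value:
            node.append(build_element("item", item))
    else:
        node.text = str(value)
    return node

def error_dump(message, context):
    """Build the XML error dump; only redacted data reaches the serializer."""
    root = ET.Element("error")
    ET.SubElement(root, "message").text = redact(message)
    root.append(build_element("context", redact(context)))
    return ET.tostring(root, encoding="unicode")

# Constructed sample context; every name and value here is made up.
SAMPLE = {
    "post": {"username": "alice", "password": "hunter2"},
    "config": {"db": {"dsn": "mysql://bw:s3cret@localhost/bw", "db_passwd": "s3cret"}},
    "trace": ["login:42", "index:10"],
}

if __name__ == "__main__":
    print(error_dump("Login failed for mysql://bw:s3cret@localhost/bw", SAMPLE))
```

Matching on key names over-redacts on purpose (a key such as "compass" would also be masked), which is the safer failure mode for a page that users may copy into a forum.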