View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000371 | WackoWiki | security | public | 2010-07-05 13:28 | 2018-01-31 12:23 |
Reporter | Elar9000 | Assigned To | RideSnowNow | ||
Priority | high | Severity | feature | Reproducibility | N/A |
Status | resolved | Resolution | fixed | ||
Product Version | 4.3.rc | ||||
Target Version | 5.5.0 | Fixed in Version | 5.5.0 | ||
Summary | 0000371: Random generation of table and cookie prefix before install | ||||
Description | When we install the WackoWiki system there is an opportunity to set the table and cookie prefixes. But many people leave the default values. It's not good, especially if the table prefix is the same as the cookie prefix (the security issue). To remove this security flaw we should: 1. Offer different random default values for table and cookie prefixes. E.g. wacko_dsfD_ for tables and wacko_djZX_ for cookies. 2. Check user input to prevent using the same prefixes for tables and cookies. | ||||
Steps To Reproduce | See wakka.config.php in R4.2 or config.inc.php in later versions for variables "table_prefix" and "cookie_prefix" and their values. | ||||
Tags | No tags attached. | ||||
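
One way an installer could implement both proposals from the description, shown as an added example that is not WackoWiki's own code. The function names, the 4-letter suffix length, the allowed-character rule and the case-insensitive comparison are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical installer helpers (assumed names, not the project's code).
const PREFIX_BASE   = 'wacko_'; // base used in the issue's examples
const SUFFIX_LENGTH = 4;        // "dsfD" / "djZX" in the issue are 4 letters

// Build a prefix such as wacko_dsfD_ with a suffix drawn from the OS CSPRNG.
function random_prefix(string $base = PREFIX_BASE, int $length = SUFFIX_LENGTH): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $suffix   = '';
    for ($i = 0; $i < $length; $i++) {
        $suffix .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $base . $suffix . '_';
}

// Proposal 1: offer two different random defaults in the install form.
function default_prefixes(): array
{
    $table = random_prefix();
    do {
        $cookie = random_prefix();
    } while (strcasecmp($table, $cookie) === 0); // redraw on a collision
    return ['table_prefix' => $table, 'cookie_prefix' => $cookie];
}

// Proposal 2: reject user input where both prefixes are the same.
// Returns a list of error messages; an empty list means the input is accepted.
function validate_prefixes(string $table, string $cookie): array
{
    $errors  = [];
    // Assumed rule: letter first, then letters, digits or underscore, max 32 chars.
    $pattern = '/^[A-Za-z][A-Za-z0-9_]{0,31}$/D';
    foreach (['table_prefix' => $table, 'cookie_prefix' => $cookie] as $name => $value) {
        if (preg_match($pattern, $value) !== 1) {
            $errors[] = "$name contains characters outside [A-Za-z0-9_] or is too long";
        }
    }
    // Case-insensitive, because table names are not case-sensitive on every platform.
    if (strcasecmp($table, $cookie) === 0) {
        $errors[] = 'table_prefix and cookie_prefix must be different';
    }
    return $errors;
}

$defaults = default_prefixes();
print_r($defaults);
print_r(validate_prefixes('wacko_', 'wacko_')); // constructed input: identical prefixes
```
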
Date Modified | Username | Field | Change |
---|---|---|---|
2010-07-05 13:28 | Elar9000 | New Issue | |
2010-07-07 16:01 | administrator | Status | new => confirmed |
2010-07-07 16:05 | administrator | Relationship added | related to 0000171 |
2010-07-22 11:27 | administrator | Note Added: 0000767 | |
2010-07-22 11:27 | administrator | Priority | normal => high |
2012-04-22 17:04 | administrator | Target Version | 5.0.0 => 5.4.0 |
2014-03-21 14:57 | administrator | Target Version | 5.4.0 => 5.5.0 |
2015-02-19 19:29 | administrator | Target Version | 5.5.0 => 6.1.x |
2016-08-22 12:35 | administrator | Assigned To | => administrator |
2016-08-22 12:35 | administrator | Status | confirmed => assigned |
2016-08-22 12:35 | administrator | Resolution | open => fixed |
2016-08-22 12:35 | administrator | Fixed in Version | => 5.5.0 |
2016-08-22 12:35 | administrator | Target Version | 6.1.x => 5.5.0 |
2016-08-22 12:35 | administrator | Note Added: 0000965 | |
2016-08-22 12:41 | administrator | Status | assigned => resolved |
2016-09-21 09:18 | administrator | Fixed in Version | 5.5.0 => 5.5.rc2 |
2017-08-31 09:36 | administrator | Fixed in Version | 5.5.rc2 => 5.5.0 |
2018-01-31 12:23 | administrator | Assigned To | administrator => RideSnowNow |