[Phpmyadmin-devel] Re: [Phpmyadmin-users] bugs recently published on securityfocus are true?

Garvin Hicking squirrel at supergarv.de
Wed Jun 18 12:39:05 CEST 2003


Hi

> Hi: I just want to know.. if the recently published bugs at securityfocus
> are true.. sometimes the people lie on this list... that's my
> question...--Visita

You seem to mean http://www.securityfocus.com/archive/1/325641 ? I just found that
by searching the site. Sadly though, that person has never contacted the team about
that issue.

As far as I can tell, that ImportDocSQL security issue has been fixed since 2.5.0 - I
haven't looked into the other XSS issues, as the original poster doesn't exactly
specify them. Most actions need a valid 'session' to execute cross-site scripting,
which is not *that* serious. Storing cookies unencrypted is documented in some of
our RFE trackers, why we don't encrypt the data currently.

But our team should definitely take some time to write a follow-up/response to that
item...

Regards,
Garvin.



