[Phpmyadmin-devel] Re: [Phpmyadmin-users] bugs recently published on securityfocus
Marc Delisle
DelislMa at CollegeSherbrooke.qc.ca
Thu Jun 19 05:51:14 CEST 2003
Garvin Hicking wrote:
> Hi
>
>
>>Hi: I just want to know if the recently published bugs at securityfocus
>>are true. Sometimes the people lie on this list... that's my
>>question...--Visita
>
>
> You seem to mean http://www.securityfocus.com/archive/1/325641 ? I just found that
> by searching the site. Sadly though, that person has never contacted the team about
> that issue.
>
> As far as I can tell, that ImportDocSQL security issue was fixed since 2.5.0 - I
> haven't looked into the other XSS issues, as the original poster doesn't exactly
> specify them. Most actions need a valid 'session' to execute cross-site scripting,
> which is not *that* serious. Storing cookies unencrypted is documented in some of
> our RFE trackers, why we don't encrypt the data currently.
>
> But our team should definitely take some time to write a follow-up/response to that
> item...
Yes. Maybe a link on phpmyadmin.net that points to a new FAQ entry about this security
report? This way, we don't clutter the main site.
Marc Delisle