Attachment 825568 Details for Bug 1030578 – Documentation enhancement

[patch] Documentation enhancement

0001-Security-notice-for-Proxy.patch (text/plain), 1.53 KB, created by Petr Pisar on 2013-11-18 12:01:51 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Petr Pisar

Created: 2013-11-18 12:01:51 UTC

Size: 1.53 KB

patch

obsolete

>From cd8fcbbf402e1d70c9f325f8b0fcd99e02cf14be Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
>Date: Mon, 18 Nov 2013 12:52:09 +0100
>Subject: [PATCH] Security notice for Proxy
>MIME-Version: 1.0
>Content-Type: text/plain; charset=UTF-8
>Content-Transfer-Encoding: 8bit
>
>PlRPC is not secure due to Storable. Warn Proxy users about it.
>
>Signed-off-by: Petr PÃsaÅ <ppisar@redhat.com>
>---
> lib/DBD/Proxy.pm       | 7 +++++++
> lib/DBI/ProxyServer.pm | 7 +++++++
> 2 files changed, 14 insertions(+)
>
>diff --git a/lib/DBD/Proxy.pm b/lib/DBD/Proxy.pm
>index 287b2dc..5948255 100644
>--- a/lib/DBD/Proxy.pm
>+++ b/lib/DBD/Proxy.pm
>@@ -974,6 +974,13 @@ The workaround is storing the modified local copy back to the server:
>   $dbh->{"csv_tables"} = $tables;
> 
> 
>+=head1 SECURITY WARNING
>+
>+L<RPC::PlClient> used underneath is not secure due to serializing and
>+deserializing data with L<Storable> module. Use the proxy driver only in
>+trusted environment.
>+
>+
> =head1 AUTHOR AND COPYRIGHT
> 
> This module is Copyright (c) 1997, 1998
>diff --git a/lib/DBI/ProxyServer.pm b/lib/DBI/ProxyServer.pm
>index 68ad4af..78a0d78 100644
>--- a/lib/DBI/ProxyServer.pm
>+++ b/lib/DBI/ProxyServer.pm
>@@ -867,6 +867,13 @@ Don't try to put parameters into the sql-query like this:
> =back
> 
> 
>+=head1 SECURITY WARNING
>+
>+L<RPC::PlServer> used underneath is not secure due to serializing and
>+deserializing data with L<Storable> module. Use the proxy driver only in
>+trusted environment.
>+
>+
> =head1 AUTHOR
> 
>     Copyright (c) 1997    Jochen Wiedmann
>-- 
>1.8.3.1
>

Actions: View | Diff

Attachments on bug 1030578: 825568