Commit
Security: Finish first stage of audit
What we've done:

We've tried to protect against attacks by the "public". Most of our attention has been directed towards XSS, CSRF and other attacks by users who aren't logged in.

Our security audit was based on the following principles:

1) Users with access to /admin are (unfortunately) fully trusted. There are simply too many ways for them to escalate their privileges right now, if they're willing to use XSS and other attacks.

2) Things which look "suspicious" were simply fixed, without any attempt to determine whether they could be exploited in the wild.

3) Whenever possible, we instituted broad, automatic protections against entire classes of attacks. These include SafeERB and read-only GET requests. This means that we don't need to audit every single view, controller and plugin for subtle errors.

What still needs work:

My hacked version of SafeERB is currently breaking script/generate.
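The two class-wide protections named in principle 3, escape-by-default template output and read-only GET requests, as an added example that is not code from this commit or from the SafeERB library. SafeERB's own mechanism is not reproduced here; the `SafeTemplate` class below gets the same effect by rewriting every `<%= %>` tag to escape its value and reserving an explicit `<%== %>` form for trusted markup. The `ReadOnlyGet` module shows the dispatcher-level check; its action names (`create`, `update`, `destroy`) and the `__h` helper name are assumptions for the example.

```ruby
require 'erb'
require 'cgi'

# Escape-by-default templating in the spirit of the commit's "SafeERB" protection:
# every <%= ... %> is HTML-escaped before output, and only the explicit <%== ... %>
# form emits raw markup. (SafeERB itself works differently; this rewrite of the
# template source is an illustration of the same class-wide protection.)
class SafeTemplate
  # Matches <%= expr %> ($1 == "=") and <%== expr %> ($1 == "=="); plain <% %> and
  # <%# %> tags are left alone.
  OUTPUT_TAG = /<%(==?)\s*(.*?)\s*%>/m

  def initialize(source)
    @source = source.gsub(OUTPUT_TAG) do
      $1 == '==' ? "<%= (#{$2}).to_s %>" : "<%= __h(#{$2}) %>"
    end
  end

  # Renders with the given locals exposed as instance variables (@title, @body_html, ...).
  def render(locals = {})
    ERB.new(@source).result(Context.new(locals).get_binding)
  end

  # Evaluation context: holds the locals and the escaping helper (assumed name __h)
  # that the rewritten template calls.
  class Context
    def initialize(locals)
      locals.each { |name, value| instance_variable_set("@#{name}", value) }
    end

    def __h(value)
      CGI.escapeHTML(value.to_s)
    end

    def get_binding
      binding
    end
  end
end

# The commit's other blanket protection: GET requests must be read-only, so any
# action that changes state is only reachable via POST. One check in the dispatcher
# covers every controller. The action names are assumed for the example.
module ReadOnlyGet
  class MethodNotAllowed < StandardError; end

  MUTATING_ACTIONS = %w[create update destroy].freeze

  # Returns the action if the request may proceed; raises for a state-changing
  # action reached by GET (or any method other than POST).
  def self.check!(http_method, action)
    return action unless MUTATING_ACTIONS.include?(action)
    unless http_method == 'POST'
      raise MethodNotAllowed, "#{action} changes state and requires POST, got #{http_method}"
    end
    action
  end
end

if __FILE__ == $PROGRAM_NAME
  page = SafeTemplate.new('<h1><%= @title %></h1><%== @body_html %>')
  puts page.render(title: '<script>alert(1)</script>', body_html: '<p>trusted markup</p>')
  puts ReadOnlyGet.check!('GET', 'index')
  begin
    ReadOnlyGet.check!('GET', 'destroy')
  rescue ReadOnlyGet::MethodNotAllowed => e
    puts "rejected: #{e.message}"
  end
end
```

Because the escaping is applied when the template is compiled rather than in each view, a view author who forgets `h()` gets escaped output anyway; the only way to emit raw HTML is the deliberate `<%== %>` form, which is the one place left to audit. The same logic applies to the method check: a forgotten `verify`-style declaration in one controller cannot reopen a state-changing GET.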