Search found 3 matches
- 30 Jun 2008, 22:36
- Forum: General Discussion
- Topic: security and numeric issue hyperlinks bug
- Replies: 7
- Views: 7151
Re: security and numeric issue hyperlinks bug
Just so you understand how serious this is. Using this weird feature with in-line hyperlinks, one can easily see and download the entire tracker database. Using Excel, create 1 column worksheet with number 1 in the first cell and formula like ="#" & STR(A1+1) in the second cell, copy and paste it ...
- 30 Jun 2008, 22:27
- Forum: General Discussion
- Topic: security and numeric issue hyperlinks bug
- Replies: 7
- Views: 7151
Re: security and numeric issue hyperlinks bug
I cannot add anything to the tracker as I don't have an account for that. My forum's account is not working for the tracker.
***
I'm really surprised that nobody reported this critical security issue earlier. It seems to be right on the surface. As soon you as you create more than one project and ...
***
I'm really surprised that nobody reported this critical security issue earlier. It seems to be right on the surface. As soon you as you create more than one project and ...
- 27 Jun 2008, 15:45
- Forum: General Discussion
- Topic: security and numeric issue hyperlinks bug
- Replies: 7
- Views: 7151
security and numeric issue hyperlinks bug
I searched the change log and forums but was unable to find if the security issues with cross-references has been fixed.
Here is what I mean. Perhaps you have 2 private projects. Different people are allowed to access these project and they are not supposed to know what is going on in the other ...
Here is what I mean. Perhaps you have 2 private projects. Different people are allowed to access these project and they are not supposed to know what is going on in the other ...