Hi All,

This may not be a Mason issue, but I have a security report stating
the following:

"Your app no longer uses any of the Perl Storable Object cookies (cn, dn,
changetoken) to keep state or perform authentication actions. However, the
underlying Perl Mason application framework will still process the data in
these cookies as Storable objects if they are included in user requests.
As a result, it is still possible to trigger exploitation."

Remediation: Do not process any cookies in user requests as Perl
Storable objects.

Looking for any guidance, clarity, or theories on the statement (high level
of just where to look or what it is I might look for in the code). This
application was written a long time ago by someone else, and I'm just
trying to keep it running.

Thanks in advance,
--
Hiram Gibbard
hgibb...@gmail.com
http://hiramgibbard.com
_______________________________________________
Mason-users mailing list
Mason-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mason-users
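
One way to approach the "where to look" question, as an added example that is not part of the original message: a script that lists calls to Storable's deserializing functions in a source tree and flags the files that also reference the cookie names quoted in the report. The function names and the sample tree are constructed for illustration; point the functions at the real component and library directories instead.

```shell
#!/bin/sh
# Added example: find where Storable data is deserialized in a Perl/Mason tree.

# Calls to Storable's deserializing functions, with or without parentheses.
# A name match is only a lead: other modules may define methods with these names.
storable_sinks() {
    grep -rnE '(^|[^[:alnum:]_])(thaw|retrieve|fd_retrieve|lock_retrieve)[[:space:]]*[($]' "$1"
}

# The cookie names quoted in the report, as quoted strings or bare hash keys.
cookie_refs() {
    grep -rnE "['\"{](cn|dn|changetoken)['\"}]" "$1"
}

# Files that both reference one of those cookies and call a sink: review first.
priority_files() {
    tmp=$(mktemp)
    storable_sinks "$1" | cut -d: -f1 | sort -u > "$tmp"
    cookie_refs "$1" | cut -d: -f1 | sort -u | comm -12 - "$tmp"
    rm -f "$tmp"
}

# Constructed sample tree (not the poster's application).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/comp" "$d/lib"
    cat > "$d/comp/autohandler" <<'EOF'
<%init>
use Storable qw(thaw);
use MIME::Base64;
my %c = CGI::Cookie->fetch;
my $state = thaw(decode_base64($c{'cn'}->value));   # untrusted input reaches thaw
</%init>
EOF
    cat > "$d/lib/Cache.pm" <<'EOF'
package Cache;
use Storable qw(retrieve);
sub load { return retrieve('/var/cache/app/state.sto') }   # local file, no cookie
1;
EOF
    echo "$d"
}

tree=$(make_sample)
priority_files "$tree"
rm -rf "$tree"
```

Every hit from `storable_sinks` whose argument can be traced back to request data (cookies, parameters, headers) is a candidate for the remediation in the report; hits that only read server-side files are a separate review.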