Xataface Security Warning: (Well not really).
Posted: Tue Mar 30, 2010 2:01 pm
I ran across this security warning on Twitter.
http://packetstormsecurity.org/filedesc ... s.txt.html
Someone has observed that if Xataface is set up on a database WITHOUT any permissions or security, then it provides write access to the database.
This is not a security hole in Xataface but it is worth noting that if you are setting up a Xataface application that is accessible to the world, that you should implement permissions at least in the Application Delegate class.
-Steve
http://packetstormsecurity.org/filedesc ... s.txt.html
Someone has observed that if Xataface is set up on a database WITHOUT any permissions or security, then it provides write access to the database.
This is not a security hole in Xataface but it is worth noting that if you are setting up a Xataface application that is accessible to the world, that you should implement permissions at least in the Application Delegate class.
-Steve