Xataface Security Warning: (Well not really).

News about Xataface

Xataface Security Warning: (Well not really).

Postby shannah » Tue Mar 30, 2010 2:01 pm

I ran across this security warning on Twitter.
http://packetstormsecurity.org/filedesc ... s.txt.html

Someone has observed that if Xataface is set up on a database WITHOUT any permissions or security, then it provides write access to the database.

This is not a security hole in Xataface but it is worth noting that if you are setting up a Xataface application that is accessible to the world, that you should implement permissions at least in the Application Delegate class.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Return to Xataface News

Who is online

Users browsing this forum: No registered users and 74 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved