Infra/lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
f0c895a008
lemur/lemur/roles
History
Marti Raudsepp cf805f530f Prevent unintended access to sensitive fields (passwords, private keys) (#876) 
Make sure that fields specified in filter, sortBy, etc. are model fields
and may be accessed. This is fixes a potential security issue.

The filter() function allowed guessing the content of password hashes
one character at a time.

The sort() function allowed the user to call an arbitrary method of an
arbitrary model attribute, for example sortBy=id&sortDir=distinct would
produce an unexpected error.
2017-08-16 09:38:42 -07:00
..
__init__.py initial commit 2015-06-22 13:47:27 -07:00
models.py Prevent unintended access to sensitive fields (passwords, private keys) (#876) 2017-08-16 09:38:42 -07:00
schemas.py Docs (#344) 2016-06-03 08:28:09 -07:00
service.py Minor documentation fixes/tweaks (#597) 2016-12-14 09:29:04 -08:00
views.py Minor documentation fixes/tweaks (#597) 2016-12-14 09:29:04 -08:00