[pgAdmin][5919] Fix security related issues

From: Ganesh Jaybhay
Subject: [pgAdmin][5919] Fix security related issues
Msg-id: CAK6syApbZRiHvJ9Z=mzAg6XPY79wWCPQsyBXo+3kut5UPUEsDA@mail.gmail.com
Responses: Re: [pgAdmin][5919] Fix security related issues  (Dave Page <dpage@pgadmin.org>)
List: pgadmin-hackers

Hi Hackers,

Please find the attached patch to fix the below security issues:
  • Host Header Injection - Added ALLOWED_HOSTS list to limit host address 
  • Lack of Content Security Policy (CSP) - Added security header
  • Lack of Protection Mechanisms - HSTS - Added security header
  • Lack of Cookie Attribute – Secure: Kept as False, as Secure limits cookies to HTTPS traffic only.
  • Information Disclosure – Web Server / Development Framework Version - Description: Kept as hard coded 'Python' instead of exposing wsgi/python/gunicorn version info.
Please review and let me know if I have missed anything.

Regards,
Ganesh Jaybhay
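
The following added example (not the attached patch and not pgAdmin's code) shows a host allow-list check together with the CSP, HSTS and fixed `Server` headers, written as a plain WSGI wrapper. `ALLOWED_HOSTS` is the name used in the message; the host values, header values, and the `host_allowed`, `harden`, `demo_app` and `request` names are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

# ALLOWED_HOSTS is the setting named in the message; the values are constructed.
ALLOWED_HOSTS = ["pgadmin.example.com", "127.0.0.1"]
SECURITY_HEADERS = [  # assumed policy values, not taken from the patch
    ("Content-Security-Policy", "default-src 'self'"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Server", "Python"),  # fixed banner instead of framework/server versions
]


def host_allowed(host_header, allowed):
    """True if the Host header, with any port removed, is on the allow-list."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal such as [::1]:5050
        host = host[1:].split("]", 1)[0]
    else:
        host = host.split(":", 1)[0]
    return host in {h.lower() for h in allowed}


def harden(app, allowed_hosts):
    """Wrap a WSGI app: reject unlisted hosts, then set the response headers."""
    def wrapped(environ, start_response):
        if not host_allowed(environ.get("HTTP_HOST", ""), allowed_hosts):
            start_response("400 Bad Request", list(SECURITY_HEADERS))
            return [b"Invalid Host header"]

        def patched(status, headers, exc_info=None):
            ours = {name.lower() for name, _ in SECURITY_HEADERS}
            kept = [(n, v) for n, v in headers if n.lower() not in ours]
            return start_response(status, kept + SECURITY_HEADERS, exc_info)
        return app(environ, patched)
    return wrapped


def demo_app(environ, start_response):
    # Constructed app: leaks a version banner and reflects the Host header.
    start_response("200 OK", [("Server", "gunicorn/0.0.0")])
    return [environ["HTTP_HOST"].encode()]


def request(host):
    """Call the wrapped demo app once; return (status, headers, body)."""
    environ, seen = {"HTTP_HOST": host}, {}
    setup_testing_defaults(environ)
    body = harden(demo_app, ALLOWED_HOSTS)(
        environ, lambda s, h, e=None: seen.update(status=s, headers=dict(h)))
    return seen["status"], seen["headers"], b"".join(body)
```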
