56 lines
1.5 KiB
Diff
56 lines
1.5 KiB
Diff
From cd8fcbbf402e1d70c9f325f8b0fcd99e02cf14be Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
|
|
Date: Mon, 18 Nov 2013 12:52:09 +0100
|
|
Subject: [PATCH] Security notice for Proxy
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
PlRPC is not secure due to Storable. Warn Proxy users about it.
|
|
|
|
Signed-off-by: Petr Písař <ppisar@redhat.com>
|
|
---
|
|
lib/DBD/Proxy.pm | 7 +++++++
|
|
lib/DBI/ProxyServer.pm | 7 +++++++
|
|
2 files changed, 14 insertions(+)
|
|
|
|
diff --git a/lib/DBD/Proxy.pm b/lib/DBD/Proxy.pm
|
|
index 287b2dc..5948255 100644
|
|
--- a/lib/DBD/Proxy.pm
|
|
+++ b/lib/DBD/Proxy.pm
|
|
@@ -974,6 +974,13 @@ The workaround is storing the modified local copy back to the server:
|
|
$dbh->{"csv_tables"} = $tables;
|
|
|
|
|
|
+=head1 SECURITY WARNING
|
|
+
|
|
+L<RPC::PlClient> used underneath is not secure due to serializing and
|
|
+deserializing data with L<Storable> module. Use the proxy driver only in
|
|
+trusted environment.
|
|
+
|
|
+
|
|
=head1 AUTHOR AND COPYRIGHT
|
|
|
|
This module is Copyright (c) 1997, 1998
|
|
diff --git a/lib/DBI/ProxyServer.pm b/lib/DBI/ProxyServer.pm
|
|
index 68ad4af..78a0d78 100644
|
|
--- a/lib/DBI/ProxyServer.pm
|
|
+++ b/lib/DBI/ProxyServer.pm
|
|
@@ -867,6 +867,13 @@ Don't try to put parameters into the sql-query like this:
|
|
=back
|
|
|
|
|
|
+=head1 SECURITY WARNING
|
|
+
|
|
+L<RPC::PlServer> used underneath is not secure due to serializing and
|
|
+deserializing data with L<Storable> module. Use the proxy driver only in
|
|
+trusted environment.
|
|
+
|
|
+
|
|
=head1 AUTHOR
|
|
|
|
Copyright (c) 1997 Jochen Wiedmann
|
|
--
|
|
1.8.3.1
|
|
|