Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.7.10
-
None
-
None
-
All databases
-
All Web Browsers
Description
In the QT_PDO_QUERY_MASTER table, the full request XML message is stored in the REQUEST_XML column. This includes the message header, which means we could store passwords. This would only be a problem if sites have configured their system to display passwords instead of session keys (tokens).
The QT_QUERY_MASTER table has a similar column that is also called REQUEST_XML. The <query_definition> is the only section of the request message that is stored in the REQUEST_XML Column.
In the QT_PDO_QUERY_MASTER table a modified version of the Request message should be stored the same as we do in the QT_QUERY_MASTER table. By not storing the <message_header> we do not run the risk of storing and potentially exposing passwords.
The QT_QUERY_MASTER table has a similar column that is also called REQUEST_XML. The <query_definition> is the only section of the request message that is stored in the REQUEST_XML Column.
In the QT_PDO_QUERY_MASTER table a modified version of the Request message should be stored the same as we do in the QT_QUERY_MASTER table. By not storing the <message_header> we do not run the risk of storing and potentially exposing passwords.
Attachments
Activity
| Field | Original Value | New Value |
|---|---|---|
| Fix Version/s | 1.7.11 [ 10703 ] |
| Status | New [ 10000 ] | Open [ 1 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Assignee | Mike Mendis [ mem61 ] | Reeta Metta [ rm302 ] |
| Status | In Progress [ 3 ] | Ready to Test [ 10001 ] |
| Resolution | Fixed [ 1 ] | |
| Status | Ready to Test [ 10001 ] | Resolved [ 5 ] |