Opened 23 months ago
#1439 new defect
Sanitization and password
| Reported by: | jbenito | Owned by: | |
|---|---|---|---|
| Priority: | blocker | Milestone: | v2.1 |
| Component: | Security | Version: | 1.1 |
| Keywords: | | Cc: | |
Description
Several issues:
- In base.py, sanitization is happening after checkParams. So, if the developer gets the value into a variable in checkParams and uses it afterwards, sanitization would be useless (for the case in which SanitizationLevel=0).
- There is a variable in RH, _doNotSanitizeFields, that we can use to keep some params (password) from being sanitized. Services do not implement it! It should be consistent.
- Once we move all the services to REST, make sure that we do not sanitize "accessKey" and "modifyKey".
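
The ordering problem and the skip list described in this ticket, as an added example that is not part of the ticket or of the project's code. It is a minimal model: only `checkParams`, `RH` and `_doNotSanitizeFields` are names from the ticket; `sanitize`, `_sanitizeParams`, `process`, `RHLogin`, `run` and the HTML-escaping sanitizer are assumptions made for illustration.

```python
import html

def sanitize(value):
    """Stand-in sanitizer (assumption): HTML-escape the value."""
    return html.escape(value, quote=True)

class RH:
    """Minimal model of a request handler; not the project's base.py."""
    _doNotSanitizeFields = []  # names whose values must stay byte-exact

    def __init__(self, params, sanitize_first):
        self._params = dict(params)
        self._sanitize_first = sanitize_first

    def _sanitizeParams(self):  # hypothetical helper name
        for name, value in self._params.items():
            if name not in self._doNotSanitizeFields:
                self._params[name] = sanitize(value)

    def checkParams(self):
        # Developers copy request values into attributes here.
        self.title = self._params["title"]
        self.password = self._params["password"]

    def process(self):  # hypothetical entry point
        if self._sanitize_first:
            self._sanitizeParams()
            self.checkParams()
        else:
            # Order reported in the ticket: the attributes captured in
            # checkParams keep the raw input; sanitizing later is too late.
            self.checkParams()
            self._sanitizeParams()
        return self.title, self.password

class RHLogin(RH):
    # Secrets are compared or hashed, never rendered, so escaping them
    # would only change the value the user typed.
    _doNotSanitizeFields = ["password", "accessKey", "modifyKey"]

# Constructed sample request, not taken from the ticket.
REQUEST = {"title": "<script>alert(1)</script>", "password": "p<ss&word"}

def run(handler_cls, sanitize_first):
    return handler_cls(REQUEST, sanitize_first).process()

if __name__ == "__main__":
    print("check then sanitize:", run(RHLogin, False))
    print("sanitize then check:", run(RHLogin, True))
    print("no skip list       :", run(RH, True))
```
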