Related to Information Security

rahulsingh18
Champ in-the-making
Hi All,

As a BA, I am involved in the implementation of Alfresco Share at one of the major insurance companies in India. Now my client needs Yes or No answers to certain information-security-related queries for the following questions.

These questions are as follows:
Whether the HTML page validates input entered in form fields before submitting the form?
Whether the application logic validates the input entered in form fields after form submission?
Whether known good/bad criteria are defined for input and output variables?
Are all the parameters examined for a valid source before including information from an outside domain in the application logic?
Whether the special characters are sanitized, escaped or rejected? Examples: <, >, (, ), #, &
Whether the application accepts inputs from cookies?
Is the input from a cookie validated before inclusion in the application logic?
Are parametrized SQL statements used in the application code for database interaction?
Whether all the output on the HTML page is properly escaped in order to avoid the execution of unwanted and unknown scripts and errors?

Please answer these questions.

Thanks :)

mrogers
Star Contributor
These are well-known general security issues. Alfresco Share is secure.

Whether the HTML page validates input entered in form fields before submitting the form? Yes, but it depends upon form constraints.
Whether the application logic validates the input entered in form fields after form submission? Yes, but it depends upon the purpose of the field. Fields may be validated against constraints in the model or application-specific requirements.
Whether known good/bad criteria are defined for input and output variables? Sorry, I can't understand your question.
Are all the parameters examined for a valid source before including information from an outside domain in the application logic? Sorry, I can't understand your question.
Whether the special characters are sanitized, escaped or rejected? Examples: <, >, (, ), #, &   Yes, according to their use and what is appropriate.
Whether the application accepts inputs from cookies? There may be a little information in a cookie.
Is the input from a cookie validated before inclusion in the application logic? Yes.
Are parametrized SQL statements used in the application code for database interaction? The database interaction is secure against SQL injection attacks.
Whether all the output on the HTML page is properly escaped in order to avoid the execution of unwanted and unknown scripts and errors? Yes, the HTML interaction is secure against script attacks.
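The two controls the reply leans on, server-side validation of fields "against constraints in the model" and escaping of special characters "according to their use", in a small added example (illustration code, not Alfresco Share's own; the constraint model, field names and sample submission are constructed for this thread):

```javascript
// Escape for the HTML element-body context: the listed characters <, >, &
// (plus quotes and backtick) become entity references, so free text can be
// stored as typed and still render without executing as markup.
const escapeHtml = (value) =>
  String(value).replace(/[&<>"'`]/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;",
    '"': "&quot;", "'": "&#39;", "`": "&#96;",
  })[ch]);

// Hypothetical per-field constraints (length, pattern, allow-list), standing
// in for the model constraints a form would be validated against.
const constraints = {
  policyNumber: { pattern: /^[A-Z]{2}\d{8}$/, maxLength: 10 },
  claimType: { allowed: ["motor", "health", "property"] },
  remarks: { maxLength: 200 }, // free text: kept verbatim, escaped on output
};

function validateField(name, raw) {
  const rule = constraints[name];
  if (!rule) return { ok: false, reason: "unknown field" };
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  const value = raw.trim();
  if (rule.maxLength !== undefined && value.length > rule.maxLength)
    return { ok: false, reason: "too long" };
  if (rule.pattern && !rule.pattern.test(value))
    return { ok: false, reason: "bad format" };
  if (rule.allowed && !rule.allowed.includes(value))
    return { ok: false, reason: "not in allow-list" };
  return { ok: true, value };
}

// Server-side check of the whole submission, independent of anything the
// browser validated before submitting: any failing field rejects the form.
function validateSubmission(form) {
  const errors = {};
  const clean = {};
  for (const name of Object.keys(constraints)) {
    const r = validateField(name, form[name] ?? "");
    if (r.ok) clean[name] = r.value; else errors[name] = r.reason;
  }
  return { ok: Object.keys(errors).length === 0, clean, errors };
}

// Output escaping happens at render time, where the context is known.
function renderRemarks(remarks) {
  return `<td>${escapeHtml(remarks)}</td>`;
}

// Constructed sample submission carrying the characters from the question.
const sample = {
  policyNumber: "AB12345678",
  claimType: "motor",
  remarks: "Bumper <damaged> (rear) & lights #3",
};
```

The structured fields are rejected outright when they do not match their constraint, while the free-text field passes validation unchanged and is neutralised only when written into the page.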

rahulsingh18
Champ in-the-making
Thanks a lot, rogers. I really appreciate your quick reply to my query.

Thanks & Regards
Rahul Singh