SecurityException Status Codes
(03-27-2024, 04:26 AM)donpwinston Wrote: It appears CI4.4.3 is setting a 5XX status code for SecurityExceptions. My security people are complaining about this. They (unbelievably) have classified it as a HIGH/cat 1 severity security vulnerability. I think my apps (5 of them) have been doing this for a few years, but all of a sudden they are flagging this now for some reason. (They do regular probing of our apps every Sunday.) I edited App/Config/Exceptions and replaced the exception handler with a customized SecureExceptionHandler. For status codes 500 and above I set it to 418 or 403. I don't like doing this because I'll have to check it after every upgrade to see if anything changed. ExceptionHandler is a final class. I can't subclass it. I can only just copy it.
Simpler is always better
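The customization the post describes (a SecureExceptionHandler wired in through App/Config/Exceptions that turns a 5XX into a 4XX for SecurityExceptions), as an added example that is not the poster's code and not part of CodeIgniter itself. It assumes CodeIgniter 4.4, where Config\Exceptions::handler() returns an ExceptionHandlerInterface and the framework's ExceptionHandler is final. Because the class cannot be subclassed, the example wraps it and delegates instead of copying it, which is an assumption about a workable design, not the approach the poster took; it maps to 403 rather than the 418 the post also mentions.

```php
<?php
// File: app/Debug/SecureExceptionHandler.php
// Added example (not the forum author's code, not CodeIgniter's own).
// Assumes CodeIgniter 4.4: Config\Exceptions::handler() returns an
// ExceptionHandlerInterface, and CodeIgniter\Debug\ExceptionHandler is
// final, so this class wraps it rather than extending it.

namespace App\Debug;

use CodeIgniter\Debug\ExceptionHandler;
use CodeIgniter\Debug\ExceptionHandlerInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Security\Exceptions\SecurityException;
use Config\Exceptions as ExceptionsConfig;
use Throwable;

final class SecureExceptionHandler implements ExceptionHandlerInterface
{
    private ExceptionHandlerInterface $inner;

    public function __construct(ExceptionsConfig $config)
    {
        // Delegate all rendering/logging to the stock handler.
        $this->inner = new ExceptionHandler($config);
    }

    /**
     * A SecurityException (e.g. a CSRF token failure) is a client-side
     * problem, so report it as 403 instead of a server error. Anything
     * else keeps the status the framework already determined.
     */
    public static function mapStatusCode(Throwable $exception, int $statusCode): int
    {
        if ($exception instanceof SecurityException && $statusCode >= 500) {
            return 403;
        }

        return $statusCode;
    }

    public function handle(
        Throwable $exception,
        RequestInterface $request,
        ResponseInterface $response,
        int $statusCode,
        int $exitCode
    ): void {
        $this->inner->handle(
            $exception,
            $request,
            $response,
            self::mapStatusCode($exception, $statusCode),
            $exitCode
        );
    }
}

// File: app/Config/Exceptions.php (only the handler() method shown;
// the rest of the generated config class is unchanged).
//
// use App\Debug\SecureExceptionHandler;
// use CodeIgniter\Security\Exceptions\SecurityException;
//
// public function handler(int $statusCode, Throwable $exception): ExceptionHandlerInterface
// {
//     if ($exception instanceof SecurityException) {
//         return new SecureExceptionHandler($this);
//     }
//
//     return new ExceptionHandler($this);
// }
```

Because the override lives only in app/Config/Exceptions.php and one app class, a framework upgrade that changes how ExceptionHandler or the handler() hook behaves will surface as a type or signature error rather than a silently diverging copied file; the status-code mapping is kept in its own static method so it can be unit-tested without booting a request.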
Messages In This Thread
SecurityException Status Codes - by donpwinston - 03-27-2024, 04:26 AM
RE: SecurityException Status Codes - by donpwinston - 03-27-2024, 06:17 AM
RE: SecurityException Status Codes - by kenjis - 03-27-2024, 03:50 PM
RE: SecurityException Status Codes - by donpwinston - 03-31-2024, 01:20 PM
RE: SecurityException Status Codes - by kenjis - 03-31-2024, 02:43 PM
RE: SecurityException Status Codes - by donpwinston - 04-01-2024, 01:40 AM
RE: SecurityException Status Codes - by kenjis - 04-01-2024, 06:21 PM