Runtime Infrastructure

Overview
Activity
Roadmap
Issues

Issues

View all issues
Summary

Custom queries

Bugs Needing Feedback
Bugs Needing Review
Bugs Needing Testing
Bugs Opened in the Last Week
Cleared In The Last Week
High Priority Active Tasks
Open Bugs
Open Bugs by Priority
Open Bugs by Status
Pending Merges

Support #2696

security review

Added by Greg Shah over 8 years ago. Updated over 2 years ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

FWD - Deployment and Management Improvements

Start date:

09/09/2015

Due date:

% Done:

10%

billable:

vendor_id:

GCD

case_num:

Subtasks

Support #2697: make sure all security sensitive data is processed using char[] instead of Strings

New

Support #2698: evaluate the security implications of how ProcessBuilder copies the server environment

New

Bug #2860: implement proper server certificate validation in spawned clients

Closed

Support #2991: ensure that all XML parsing is done securely

New

Support #2992: penetration testing: remote access scenario

New

Support #2993: penetration testing: non-priviledged local user scenario

New

Bug #2994: use static code analysis to scan p2j source for security vulnerabilities (Java, Javascript and C)

New

Support #2998: consider whether we should implement a separate security context for init/term listeners and other customer code loaded in the P2J process

New

Support #4086: review the RemoteObject exports in StandardServer and other common runtime classes for security implications

New

Support #5585: rework SessionToken to hide the implementation/eliminate external access to the token itself

New

History

#1 Updated by Greg Shah over 7 years ago

Target version changed from 23 to Deployment and Management Improvements

Also available in: Atom PDF