[OH-Dev] [issue909] Possible security vulnerabilities [per ponycheckup.com]
mandarg
bugs at openhatch.org
Sun Dec 22 01:12:37 UTC 2013
New submission from mandarg <mandar.mmg at gmail.com>:
I checked the openhatch website with ponycheckup.com, a site for testing Django vulnerabilities.
These are the results (http://ponycheckup.com/result/?url=openhatch.org)
The ones that stand out for me would be:
- Login available at /admin without forcing HTTPS
- Session cookie not using httponly
- Absence of HSTS
There are some problems with the report (for example, it claims that the site is inaccessible over
HTTPS, which is not the case). Could someone who knows more than I do go over the list once and see
what we ought to address?
----------
messages: 4006
nosy: mandarg, paulproteus
priority: bug
status: unread
title: Possible security vulnerabilities [per ponycheckup.com]
__________________________________________
Roundup issue tracker <bugs at openhatch.org>
<https://openhatch.org/bugs/issue909>
__________________________________________
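The three findings named in the report, checked programmatically as an added example (not code from the OpenHatch tracker or from ponycheckup.com): it inspects constructed HTTP responses for a plain-HTTP /admin with no HTTPS redirect, a session cookie set without HttpOnly, and a missing HSTS header. It assumes Django's default session cookie name, `sessionid`.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlparse

SESSION_COOKIE = "sessionid"  # Django's default; assumed, not taken from the report


def _header_values(headers, name):
    """All values of a header, case-insensitive on the name (Set-Cookie may repeat)."""
    return [v for k, v in headers if k.lower() == name.lower()]


def check_response(url, status, headers):
    """Return finding strings for one captured response.

    url: request URL; status: HTTP status code;
    headers: list of (name, value) pairs exactly as the server sent them.
    """
    findings = []
    parsed = urlparse(url)

    # 1. Admin login reachable over plain HTTP without a redirect to HTTPS.
    if parsed.scheme == "http" and parsed.path.startswith("/admin"):
        redirected = status in (301, 302, 307, 308) and any(
            loc.startswith("https://") for loc in _header_values(headers, "Location"))
        if not redirected:
            findings.append("admin reachable over HTTP without HTTPS redirect")

    # 2. Session cookie issued without the HttpOnly attribute.
    for raw in _header_values(headers, "Set-Cookie"):
        jar = SimpleCookie()
        jar.load(raw)
        morsel = jar.get(SESSION_COOKIE)
        # Morsel["httponly"] is True when the attribute was present, "" otherwise.
        if morsel is not None and not morsel["httponly"]:
            findings.append("session cookie missing HttpOnly")

    # 3. No Strict-Transport-Security (or max-age=0) on an HTTPS response.
    if parsed.scheme == "https":
        max_age = 0
        for value in _header_values(headers, "Strict-Transport-Security"):
            for part in value.split(";"):
                key, _, val = part.strip().partition("=")
                if key.lower() == "max-age" and val.strip().isdigit():
                    max_age = int(val)
        if max_age <= 0:
            findings.append("HSTS absent or max-age=0")
    return findings
```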