Re: [BLACKBOX] severe security hole in BB

From: Douglas G. Danforth <"Douglas>
Date: Mon, 16 Jun 2008 14:36:57 -0700

----boundary-LibPST-iamunique-329873513_-_-
Content-type: text/plain

Josef,
Good point.

At a higher level,
can one in any sense specify the "security" of the
underlying module based system?

I, for one, do not like to worry about such issues but
when providing software to clients what does one say
when asked about the security of the BlackBox environment?

-Doug Danforth

Josef Templ wrote:
> Hi everybody!
>
> I would like to point out a severe security hole in BB.
>
> Password fields are printed as clear text!
>
> The problem seems to be in HostCFrames.Print,
> where Controls are printed in a rather crude form
> without looking at the guard and without looking
> at the 'password' property of the text field control.
>
> regards
>
> - Josef Templ
>
>
> ----
> To unsubscribe, send a message with body "SIGNOFF BLACKBOX" to
> LISTSERV{([at]})nowhere.xy
>
> 


----
To unsubscribe, send a message with body "SIGNOFF BLACKBOX" to LISTSERV{([at]})nowhere.xy----boundary-LibPST-iamunique-329873513_-_-
Content-type: application/rtf
Content-transfer-encoding: base64
Content-Disposition: attachment; filename="rtf-body.rtf"
e1xydGYxXGFuc2lcYW5zaWNwZzEyNTJcZnJvbXRleHQgXGRlZmYwe1xmb250dGJsDQp7XGYwXGZz
d2lzcyBBcmlhbDt9DQp7XGYxXGZtb2Rlcm4gQ291cmllciBOZXc7fQ0Ke1xmMlxmbmlsXGZjaGFy
c2V0MiBTeW1ib2w7fQ0Ke1xmM1xmbW9kZXJuXGZjaGFyc2V0MCBDb3VyaWVyIE5ldzt9fQ0Ke1xj
b2xvcnRibFxyZWQwXGdyZWVuMFxibHVlMDtccmVkMFxncmVlbjBcYmx1ZTI1NTt9DQpcdWMxXHBh
cmRccGxhaW5cZGVmdGFiMzYwIFxmMFxmczIwIEpvc2VmLFxwYXINCkdvb2QgcG9pbnQuXHBhcg0K
XHBhcg0KQXQgYSBoaWdoZXIgbGV2ZWwsXHBhcg0KY2FuIG9uZSBpbiBhbnkgc2Vuc2Ugc3BlY2lm
eSB0aGUgInNlY3VyaXR5IiBvZiB0aGVccGFyDQp1bmRlcmx5aW5nIG1vZHVsZSBiYXNlZCBzeXN0
ZW0/XHBhcg0KXHBhcg0KSSwgZm9yIG9uZSwgZG8gbm90IGxpa2UgdG8gd29ycnkgYWJvdXQgc3Vj
aCBpc3N1ZXMgYnV0XHBhcg0Kd2hlbiBwcm92aWRpbmcgc29mdHdhcmUgdG8gY2xpZW50cyB3aGF0
IGRvZXMgb25lIHNheVxwYXINCndoZW4gYXNrZWQgYWJvdXQgdGhlIHNlY3VyaXR5IG9mIHRoZSBC
bGFja0JveCBlbnZpcm9ubWVudD9ccGFyDQpccGFyDQotRG91ZyBEYW5mb3J0aFxwYXINClxwYXIN
Ckpvc2VmIFRlbXBsIHdyb3RlOlxwYXINCj4gSGkgZXZlcnlib2R5IVxwYXINCj4gXHBhcg0KPiBJ
IHdvdWxkIGxpa2UgdG8gcG9pbnQgb3V0IGEgc2V2ZXJlIHNlY3VyaXR5IGhvbGUgaW4gQkIuXHBh
cg0KPiBccGFyDQo+IFBhc3N3b3JkIGZpZWxkcyBhcmUgcHJpbnRlZCBhcyBjbGVhciB0ZXh0IVxw
YXINCj4gXHBhcg0KPiBUaGUgcHJvYmxlbSBzZWVtcyB0byBiZSBpbiBIb3N0Q0ZyYW1lcy5Qcmlu
dCxccGFyDQo+IHdoZXJlIENvbnRyb2xzIGFyZSBwcmludGVkIGluIGEgcmF0aGVyIGNydWRlIGZv
cm1ccGFyDQo+IHdpdGhvdXQgbG9va2luZyBhdCB0aGUgZ3VhcmQgYW5kIHdpdGhvdXQgbG9va2lu
Z1xwYXINCj4gYXQgdGhlICdwYXNzd29yZCcgcHJvcGVydHkgb2YgdGhlIHRleHQgZmllbGQgY29u
dHJvbC5ccGFyDQo+IFxwYXINCj4gcmVnYXJkc1xwYXINCj4gXHBhcg0KPiAtIEpvc2VmIFRlbXBs
XHBhcg0KPiBccGFyDQo+IFxwYXINCj4gLS0tLVxwYXINCj4gVG8gdW5zdWJzY3JpYmUsIHNlbmQg
YSBtZXNzYWdlIHdpdGggYm9keSAiU0lHTk9GRiBCTEFDS0JPWCIgdG8gXHBhcg0KPiBMSVNUU0VS
VkBMSVNUUy5PQkVST04uQ0hccGFyDQo+IFxwYXINCj4gXHBhcg0KXHBhcg0KXHBhcg0KLS0tLVxw
YXINClRvIHVuc3Vic2NyaWJlLCBzZW5kIGEgbWVzc2FnZSB3aXRoIGJvZHkgIlNJR05PRkYgQkxB
Q0tCT1giIHRvIExJU1RTRVJWQExJU1RTLk9CfX0AAAAAAAAAACEAAAA=
----boundary-LibPST-iamunique-329873513_-_---
Received on Mon Jun 16 2008 - 23:36:57 UTC

This archive was generated by hypermail 2.3.0 : Thu Sep 26 2013 - 06:30:55 UTC