[LON-CAPA-admin] PCI Compliance

Jon Hall jdh65 at bellsouth.net
Sun Jan 13 19:42:43 EST 2013


I managed to get many of the PCI failure items correct, but am still getting dinged by the PCI scanning company for cross-site scripting (despite updating my lonsupportreq.pm as suggested by Stuart).

Gerd suggested that I can disable helpdesk in domain configuration, but I have not been able to figure out how to do that.  Any pointers?

Thanks for all assistance,
Jon Hall


On Jan 3, 2013, at 7:55 PM, Gerd Kortemeyer wrote:

> 
> 
> Can be solved by switching to HTTPS, but to avoid warnings, you need a purchased certificate. Nothing we can do about it.
> 
> 
>> 
>> web program allows cross-site scripting in query string (/adm/login)
>> 
>> web program allows cross-site scripting in query string (/adm/helpdesk)
> 
> Disable helpdesk in domain configuration.
> 
>> 
>> web server allows cross-site tracing
> 
> See above.
> 
>> 
>> cross-site scripting vulnerability in orgurl parameter to /adm/helpdesk
> 
> See above.
> 
> - Gerd.



