[LON-CAPA-admin] PCI Compliance
Jon Hall
jdh65 at bellsouth.net
Sun Jan 13 19:42:43 EST 2013
I managed to get many of the PCI failure items correct, but am still getting dinged by the PCI scanning company for cross-site scripting (despite updating my lonsupportreq.pm as suggested by Stuart).
Gerd suggested that I can disable helpdesk in domain configuration, but I have not been able to figure out how to do that. Any pointers?
Thanks for all assistance,
Jon Hall
On Jan 3, 2013, at 7:55 PM, Gerd Kortemeyer wrote:
>
>
> Can be solved by switching to HTTPS, but to avoid warnings, you need a purchased certificate. Nothing we can do about it.
>
>
>>
>> web program allows cross-site scripting in query string (/adm/login)
>>
>> web program allows cross-site scripting in query string (/adm/helpdesk)
>
> Disable helpdesk in domain configuration.
>
>>
>> web server allows cross-site tracing
>
> See above.
>
>>
>> cross-site scripting vulnerability in orgurl parameter to /adm/helpdesk
>
> See above.
>
> - Gerd.