Bug #35

Metadata sources are untrusted by default

Added by S M 2881 days ago.

Status:New Start:09/04/2009
Priority:High Due date:
Assigned to:S M % Done:

0%

Category:SPEP (Java) Spent time: -
Target version:0.9.6

Description

By default, metadata sources are flagged as untrusted, which means they are unmarshalled without signature validation.

This could create a vulnerability in certain situations, though it is mitigated by using https on the metadata endpoint.

Also available in: Atom PDF