[ckan-discuss] CKAN security report?

Koebrick, Andrew (MNIT) andrew.koebrick at state.mn.us
Tue Oct 15 18:36:20 BST 2013


I recently had our development instance of CKAN run through HP WebInspect, looking for vulnerabilities. The report is not that useful in that it is over 1864 pages long (!), due to reporting the same issues on every page where they are present (i.e. "Logins Sent Over Unencrypted Connection" shows up once for every language version, i.e. /sl/user/login and /ar/usr/login).

But if anyone would like to look at a copy, I could put it up online someplace behind a generic username / password. I am a little hesitant to just post it on our public site.

I did not see any deal stoppers, but confess I have not reviewed every one of the 5272 "vulnerabilities" found.

Andrew



From: ckan-discuss-bounces at lists.okfn.org [mailto:ckan-discuss-bounces at lists.okfn.org] On Behalf Of Rufus Pollock
Sent: Tuesday, October 15, 2013 7:06 AM
To: Maurizio Napolitano
Cc: ckan-discuss at lists.okfn.org
Subject: Re: [ckan-discuss] CKAN security report?

Maurizio: CKAN was formally pen-tested by the UK government a couple of years ago and was fine. Be delighted to hear if others have done other security audits on CKAN.

Rufus

On 15 October 2013 09:14, Maurizio Napolitano <napo at fbk.eu> wrote:
Many people always ask me if CKAN has passed security tests.
Are there people on this list who have some reference document?
Thanks a lot!




--

Rufus Pollock

Founder and Executive Director | skype: rufuspollock | @rufuspollock <https://twitter.com/rufuspollock>

The Open Knowledge Foundation <http://okfn.org/>

Empowering through Open Knowledge
http://okfn.org/ | @okfn <http://twitter.com/OKFN> | OKF on Facebook <https://www.facebook.com/OKFNetwork> | Blog <http://blog.okfn.org/> | Newsletter <http://okfn.org/about/newsletter>