[ckan-discuss] CKAN security report?

Rufus Pollock rufus.pollock at okfn.org
Tue Oct 15 23:49:49 BST 2013


Hi Andrew,

This sounds like it could be useful, and I appreciate you may not want to
share on-list (though I doubt the results of an automated tool are that
sensitive). If you could put this up somewhere (perhaps password protected)
that would be great!

Rufus


On 15 October 2013 18:36, Koebrick, Andrew (MNIT) <
andrew.koebrick at state.mn.us> wrote:

>  I recently had our development instance of CKAN run through HP
> WebInspect, looking for Vulnerabilities.  The report is not that useful in
> that it is over 1864 pages long (!), due to reporting the same issues on
> every page where they are present (i.e. “Logins Sent Over Unencrypted
> Connection”) shows up once for every language version (i.e. /sl/user/login
> and /ar/usr/login).
>
> But if anyone would like to look at a copy I could put it up online
> someplace behind a generic username / password. I am a little hesitant to
> just post on our public site.
>
> I did not see any deal stoppers, but confess I have not reviewed every one
> of the 5272 “vulnerabilities” found.
>
> Andrew
>
> *From:* ckan-discuss-bounces at lists.okfn.org [mailto:
> ckan-discuss-bounces at lists.okfn.org] *On Behalf Of *Rufus Pollock
> *Sent:* Tuesday, October 15, 2013 7:06 AM
> *To:* Maurizio Napolitano
> *Cc:* ckan-discuss at lists.okfn.org
> *Subject:* Re: [ckan-discuss] CKAN security report?
>
> Maurizio: CKAN was formally pen-tested by the UK government a couple of
> years ago and was fine. Be delighted to hear if others have done other
> security audits on CKAN.
>
> Rufus
>
> On 15 October 2013 09:14, Maurizio Napolitano <napo at fbk.eu> wrote:
>
> Many people always ask me if CKAN has passed security tests.
> Are there people on this list who have some reference document?
> Thanks a lot!
>
> _______________________________________________
> ckan-discuss mailing list
> ckan-discuss at lists.okfn.org
> http://lists.okfn.org/mailman/listinfo/ckan-discuss
> Unsubscribe: http://lists.okfn.org/mailman/options/ckan-discuss
>
> --
>
> Rufus Pollock
>
> Founder and Executive Director | skype: rufuspollock | @rufuspollock <https://twitter.com/rufuspollock>
>
> The Open Knowledge Foundation <http://okfn.org/>
>
> *Empowering through Open Knowledge*
>
> http://okfn.org/ | @okfn <http://twitter.com/OKFN> | OKF on Facebook <https://www.facebook.com/OKFNetwork> |
> Blog <http://blog.okfn.org/> | Newsletter <http://okfn.org/about/newsletter>
>



-- 
Rufus Pollock

Founder and Executive Director | skype: rufuspollock | @rufuspollock <https://twitter.com/rufuspollock>

The Open Knowledge Foundation <http://okfn.org/>

Empowering through Open Knowledge
http://okfn.org/ | @okfn <http://twitter.com/OKFN> | OKF on Facebook <https://www.facebook.com/OKFNetwork> |
Blog <http://blog.okfn.org/> | Newsletter <http://okfn.org/about/newsletter>
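Andrew's complaint above (one finding repeated for every locale-prefixed URL, inflating the report to 1864 pages and 5272 entries) is a common triage problem with automated scanners. The script below is an added example written for this thread; it is not CKAN code and not WebInspect output. It assumes findings have already been exported from the scanner into records with a `check` name and a request `path` (the export parsing step is left out), and that locale prefixes follow CKAN's `/<lang>/...` URL scheme. The sample data is constructed; only the check name quoted in the thread is real.

```python
"""Collapse web-scanner findings that differ only by a locale URL prefix
(e.g. /sl/user/login and /ar/user/login are the same route).

Added example for the ckan-discuss thread; not CKAN code, not scanner
output. Input format (list of {"check": ..., "path": ...}) is assumed.
"""
import re
from collections import defaultdict

# Assumption: locale segments are two lowercase letters, optionally with a
# region suffix (/sl/, /ar/, /en_GB/). Two letters only, so that real
# routes such as /api/... are not mistaken for a language prefix.
LOCALE_PREFIX = re.compile(r"^/([a-z]{2}(?:[-_][A-Za-z]{2,4})?)(?=/|$)")


def normalize_path(path: str) -> str:
    """Strip a leading locale segment and any trailing slash so that
    locale variants of the same route compare equal."""
    stripped = LOCALE_PREFIX.sub("", path, count=1) or "/"
    if len(stripped) > 1 and stripped.endswith("/"):
        stripped = stripped[:-1]
    return stripped


def collapse_findings(findings):
    """Group raw findings by (check name, normalized route).

    Returns {(check, route): sorted list of the raw paths that hit it},
    so the reviewer sees each distinct issue once, with its variants."""
    groups = defaultdict(set)
    for finding in findings:
        key = (finding["check"], normalize_path(finding["path"]))
        groups[key].add(finding["path"])
    return {key: sorted(paths) for key, paths in groups.items()}


def summarize(findings):
    """Return raw count, unique count and the collapsed groups."""
    collapsed = collapse_findings(findings)
    return {"raw": len(findings), "unique": len(collapsed), "groups": collapsed}


# Constructed sample records. The first check name is the one quoted in
# the thread; "Constructed check B" is a placeholder, not a real finding.
SAMPLE = [
    {"check": "Logins Sent Over Unencrypted Connection", "path": "/sl/user/login"},
    {"check": "Logins Sent Over Unencrypted Connection", "path": "/ar/user/login"},
    {"check": "Logins Sent Over Unencrypted Connection", "path": "/user/login"},
    {"check": "Logins Sent Over Unencrypted Connection", "path": "/en_GB/user/login/"},
    {"check": "Constructed check B", "path": "/dataset"},
    {"check": "Constructed check B", "path": "/de/dataset"},
]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    print(f"{result['raw']} raw findings -> {result['unique']} unique issues")
    for (check, route), variants in sorted(result["groups"].items()):
        print(f"  {check} @ {route}: {len(variants)} locale variant(s)")
```

Run against a full export, the unique count is the number a reviewer actually has to read, and the variant list shows whether a fix in one place (a single login handler, a single cookie setting) closes all of the scanner's duplicates at once.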