
List:       gallery-devel
Subject:    [Gallery-devel] Status 2-Mar to 8-Mar
From:       "Andy Staudacher" <andy.st () gmail ! com>
Date:       2006-03-09 17:07:40
Message-ID: d9c463fe0603090907v6f9a568fr8b3fac23d4f7fcb7 () mail ! gmail ! com

Security audit related:
* made storage setup text much shorter and easier to understand together
with Bharat
* added a link in the storage and security step of the installer to the
security guide on codex instead
* Showing security step of the installer for Windows users too and show a
link to the security guide on codex for everyone
* Show error stack trace only to admins or when debug mode is on
* Don't send password back to browser in the installer (db and admin user
setup steps)
* Prevent session fixation attacks in installer and upgrader by regenerating
the session on login
* Prevent XSS and information leak in installer and upgrader by filtering
the sessionId properly
* Require password when changing the account email address

Other G2:
* Fix: Respect the optional baseUri from config.php when redirecting from
index.php and / to main.php (doh!)
* Minor embed api bump to reflect that we require now the emApp to set the
content-type (utf8)
* Fix: Embedded imageblock and search needed a session->doNotUseTempId /
session->start call
* Fix: unsanitizeInputs didn't respect the adaptForMagicQuotes parameter for
arrays, thanks to Nico Kaiser
* DB2: automate the installation of the Java jar again, now correctly with a
simple SQL query. Thanks to Sarah Packowski
* Forum run on the weekend (thanks to everyone who's helping in the forums
now!!)

Other:
* Ordered a cell phone for my stay in the USA
* Applied for a social security number
* Opened a bank account to have some cash until I get paid (until I get my
SSN)
* Lots of other stuff
* And did a little of actual work for Google :/
