While I was at Honda waiting for the technician to reprogram the ECU, I found a security hole in the authentication part of KazeServer. An unrecognized user id with a null password would grant access to KazeServer but without any significant usability but posed a potential risk.
I quickly identified the cause and rectified the problematic logic in the program design. One down and many to do. One of the other critical problem is that KazeServer will get over with initialization and execute even without the MySQL server is running. A serious bug though.
Another 3 more days to release Alpha RC1 and yet so many problems and unfinished parts. I feel the release will have to be postponed then.
Patched a security hole in KazeServer
Tags: KazeServer
While I was at Honda waiting for the technician to reprogram the ECU, I found a security hole in the authentication part of KazeServer. An unrecognized user id with a null password would grant access to KazeServer but without any significant usability but posed a potential risk.
I quickly identified the cause and rectified the problematic logic in the program design. One down and many to do. One of the other critical problem is that KazeServer will get over with initialization and execute even without the MySQL server is running. A serious bug though.
Another 3 more days to release Alpha RC1 and yet so many problems and unfinished parts. I feel the release will have to be postponed then.