Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon4.gif   Denial of access after failed import using invalid attributes, posted by soren poulsen on Wed Jun 17 03:46:31 2009 
    icon2.gif   Re: Denial of access after failed import using invalid attributes, posted by Stefan Ritt on Thu Jun 25 12:30:17 2009 
Message ID: 66400     Entry time: Wed Jun 17 03:46:31 2009     Reply to this: 66418
Icon: Warning  Author: soren poulsen  Author Email: soren.poulsen@cern.ch 
Category: Request  OS: Linux  ELOG Version: 2.7.6 
Subject: Denial of access after failed import using invalid attributes 

Hi,

A user tried to import a CSV file, which caused e-log to add a field called "date" to the list of attributes (and then crash). This caused the log-book to be blocked until someone (guess who) would go edit the elogd.cfg file and then trigger a reload.

1. suggestion : E-log should not crash in this case

2. suggestion: E-log should not allow invalid attributes to be added via CSV Import, which causes the log-book to be blocked.

For the time being, I will just  "Deny import" (by the way, the doc says it is "Deny CSV import", but I think the syntax is "Deny import". Not really important.

I think this should be quite easy to reproduce.

Thanks a lot

Soren

ELOG V3.1.5-fe60aaf