View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007101 | Taler | merchant backend | public | 2021-11-20 12:31 | 2022-11-04 20:52 |
| Reporter | ms-mantis | Assigned To | sebasjm | ||
| Priority | high | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Target Version | 0.9 | ||||
| Summary | 0007101: DoS assert should be removed. | ||||
| Description | The merchant backend asserts to have the "X-Forwarded-Prefix" header *not* in place, when it servers a "POST /private/orders". That means that a client can crash the merchant by setting that header along a request! Possibly, it was a temporary solution to some other problem, but it must be removed. | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-11-20 12:31 | ms-mantis | New Issue | |
| 2021-11-20 12:31 | ms-mantis | Status | new => assigned |
| 2021-11-20 12:31 | ms-mantis | Assigned To | => Christian Grothoff |
| 2021-11-20 12:43 | Christian Grothoff | Assigned To | Christian Grothoff => sebasjm |
| 2021-11-22 11:58 | sebasjm | Status | assigned => resolved |
| 2021-11-22 11:58 | sebasjm | Resolution | open => fixed |
| 2021-11-22 11:58 | sebasjm | Note Added: 0018523 | |
| 2022-10-20 10:48 | Christian Grothoff | Target Version | => 0.9 |
| 2022-11-04 20:52 | Christian Grothoff | Status | resolved => closed |
| 2025-03-22 14:09 | Christian Grothoff | Category | mechant backend => merchant backend |
