New Security Features for WM


I would love to see the following in WM one day:
1. Secured passwords in the database when you switch on security

2. A field that, when its password property is set, allows you to choose between a predefined set
of strong password validators and would implement it for you!
Useful in user management.

3. SQL injection protection on input fields
(I am lazy!)

Well, there are a few that I see requested on a regular basis on a typical Java project.



Security Features, SQL Injection, XSS

Good suggestions Ken. Thanks for those.
Filed them in Jira for safekeeping:

As to SQL injection, what sort of protection are you suggesting? SQL injection is not really a vulnerability in WM apps.
Unless you put a service var on a create SQL query call, the input of an editor never goes directly into the JDBC driver.

Rich text editors are possible entry points for XSS hacks. For that we've envisioned enabling the easy plugin of escaping libraries or other input validation code.

Love it or hate it, Hibernate does a good job of insulating us from SQL hacks.


WM 6.3.x, 6.4.x

SQL Injection standard to OWASP


Nothing more than SQL Injection standard to OWASP.
If that is already achieved via Hibernate's help then good :-)

Yes, the dynamic SQL issue is down to the developer!

The escaping code is a good step forward IMO.

Keep up the good work
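
The distinction drawn in this thread between bound input and developer-written dynamic SQL, as an added example that is not from any poster or from WaveMaker: Python's `sqlite3` stands in for the JDBC/Hibernate layer, and the table, column and function names and the sample rows are constructed. It goes one step beyond the thread by allow-listing the sort column, because identifiers cannot be passed as bound parameters.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical.
ROWS = [("alice", "admin"), ("bob", "user"), ("o'brien", "user")]
SORTABLE = {"name", "role"}  # allow-list for identifiers, which cannot be bound


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def find_dynamic(conn, name):
    """Dynamic SQL: the editor value becomes part of the statement text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [r[0] for r in conn.execute(sql)]


def find_bound(conn, name, order_by="name"):
    """Bound parameter: the value travels separately and stays data."""
    if order_by not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % order_by)
    sql = "SELECT name FROM users WHERE name = ? ORDER BY " + order_by
    return [r[0] for r in conn.execute(sql, (name,))]


def compare(value):
    """Return (dynamic_result, bound_result) for one input value."""
    conn = make_db()
    try:
        dynamic = find_dynamic(conn, value)
    except sqlite3.OperationalError as exc:
        dynamic = "error: %s" % exc
    return dynamic, find_bound(conn, value)


if __name__ == "__main__":
    # Constructed inputs: a plain name, a name with a quote, a quote-bearing filter.
    for value in ("alice", "o'brien", "x' OR '1'='1"):
        print(repr(value), "->", compare(value))
```

The dynamic query breaks on a legitimate name containing an apostrophe and returns every row for the quote-bearing filter, while the bound query treats both inputs as plain values.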