Published December 30th, 2003 by Jim O'Halloran

MyHelpDesk Security

One thing I should have mentioned in my previous post on MyHelpDesk is that there are security advisories for the product. By default MyHelpDesk allows Cross Site Scripting and SQL injection attacks.

The author of the system is correct when he asserts that the system is meant to be run behind a firewall and they present minimal risk, but it's not good practice to leave them there regardless. They also cause problems because it means that you can't use ' in any of the text fields (meaning I can't even use my real name in the system) without it crashing.

I hope to fix these issues myself before the end of the week, and I’ll post a patch when I do.
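The apostrophe crash and the SQL injection are the same defect: text pasted into the query string. The sketch below is an added example, not MyHelpDesk code or the promised patch; it uses Python's sqlite3 with a hypothetical `tickets` table and constructed input to show the string-built query beside a bound-parameter version, plus escaping on output for the script-injection side.

```python
import sqlite3
from html import escape

def make_db():
    # Hypothetical schema; MyHelpDesk's real tables are not shown in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tickets "
               "(id INTEGER PRIMARY KEY, requester TEXT, summary TEXT)")
    return db

def add_ticket_concat(db, requester, summary):
    # 'Before': user text is pasted into the SQL, so a ' ends the literal early.
    sql = ("INSERT INTO tickets (requester, summary) "
           "VALUES ('%s', '%s')" % (requester, summary))
    db.execute(sql)

def add_ticket_bound(db, requester, summary):
    # 'After': values travel as bound parameters and are never parsed as SQL.
    db.execute("INSERT INTO tickets (requester, summary) VALUES (?, ?)",
               (requester, summary))

def render_ticket(db, ticket_id):
    # Escape on output so stored markup is displayed as text, not interpreted.
    requester, summary = db.execute(
        "SELECT requester, summary FROM tickets WHERE id = ?",
        (ticket_id,)).fetchone()
    return "<td>%s</td><td>%s</td>" % (escape(requester), escape(summary))

def demo():
    db = make_db()
    name = "Jim O'Halloran"  # constructed input: the apostrophe case from the post
    try:
        add_ticket_concat(db, name, "Printer offline")
        crashed = False
    except sqlite3.OperationalError:
        crashed = True  # syntax error: the quote closed the string literal
    add_ticket_bound(db, name, "Toner <b>low</b>")
    stored = db.execute("SELECT requester FROM tickets").fetchall()
    return crashed, stored, render_ticket(db, 1)

if __name__ == "__main__":
    print(demo())
```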

