Real Project Management for Real Businesses

Browsing Posts tagged Security

One of the most common configurations out there is allowing web2project users to have access to only specific companies. While it’s not as simple as saying “users should only see things from their own company,” it’s not as complicated as you might think. Here’s how I’ve done it for various groups. If you […]

It turns out that web2project had a handful of Cross-Site Scripting (XSS) vulnerabilities. While the attack vector required being an already authenticated user, it had the potential to be a major problem in a poorly configured system.