Contrib.social

[META] Convert fail-open code executions to fail-secure alternatives

Open on Drupal.org β†’
Created on 25 December 2023, 6 months ago

Problem/Motivation

Currently in the code we have a number of areas that could 'fail open', these do not currently cause any exploitable security issues, however they ultimately pose a weakness in the design of TFA that we should harden to reduce risks in the future.

Steps to reproduce

N/A

Proposed resolution

Convert code that can fail-open into fail-secure alternatives.

Remaining tasks

User interface changes

N/A

API changes

N/A

Data model changes

N/A

🌱 Plan
Status

Active

Version

2.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States cmlara

Live updates comments and jobs are added and updated live.
  • Security improvements

    It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.

Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024