Enhancing Kendo UI Spreadsheet Security: Validating Authentication with Integrated App and Data Loading Best Practices

kushal Khadka asked on 11 Apr 2023, 05:16 AM

I am writing to bring your attention to a critical vulnerability that I have discovered in the Kendo Spreadsheet system. Upon investigation, I found that it is possible for a user to inject data into the database without any authentication validation. This poses a significant security risk to the system and its users.

Therefore, I am reaching out to the community to inquire if there is a solution within the Kendo Spreadsheet system that can provide strong authentication validation with an integrated app before loading data and triggering it to the database. I must emphasize that I am seeking a solution that does not require double authentication, which can create an inconvenience for users.

I would greatly appreciate any insights or recommendations that you can provide to resolve this issue. Thank you for your attention to this matter, and I look forward to your valuable input.

Sincerely,

Kushal Khadka

 

Kendo Spreadsheet, Critical Vulnerability, Security Risk, Authentication Validation, Integrated App, Database, Community

1 Answer, 1 is accepted

Neli
Telerik team
answered on 13 Apr 2023, 11:26 AM

Hi Kushal,

I just replied to the other thread regarding a similar issue.

Could you please provide more details about what the exact issue in the Spreadsheet is? As mentioned in the other thread, the Kendo UI for jQuery Spreadsheet is a UI component that allows loading and editing of data. Server-side operations such as saving the data into the database are not related to the usage of the Spreadsheet component. Validating the data on the server before saving is a developer responsibility.

In case you have any difficulty in configuring the Spreadsheet component, or you have a question related to its functionalities, please let us know.

Regards,
Neli
Progress Telerik
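
The reply's point that authentication and validation belong on the server, shown as an added example (not code from this thread or from Telerik): a save handler that reuses the host application's existing session, so there is no second login, and checks the posted workbook before storing it. The session store, the `sid` cookie, the `x-csrf-token` header, the `sheet:write` permission, the size limits and the no-formula policy are assumptions; the `sheets`/`rows`/`cells` layout follows `spreadsheet.toJSON()` output.

```javascript
// Added example: server-side gate for a Spreadsheet save request.
// SESSIONS, "sid", "x-csrf-token", "sheet:write" and the limits below are assumptions.
const SESSIONS = new Map([          // constructed session store, filled by the host app at login
  ["s-editor", { user: "alice", perms: ["sheet:write"], csrf: "tok-1" }],
  ["s-viewer", { user: "bob", perms: [], csrf: "tok-2" }],
]);
const MAX_ROWS = 1000, MAX_CELLS = 50, MAX_TEXT = 256;

// Reuse the session the integrated app already issued: no second login prompt.
function sessionFromCookie(cookieHeader = "") {
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(cookieHeader);
  return m ? SESSIONS.get(m[1]) : undefined;
}

// Accept only a single sheet of literal values, bounded in size. Returns null when valid.
function validateWorkbook(wb) {
  if (!wb || !Array.isArray(wb.sheets) || wb.sheets.length !== 1) return "expected one sheet";
  const rows = wb.sheets[0]?.rows;
  if (!Array.isArray(rows) || rows.length > MAX_ROWS) return "bad row list";
  for (const row of rows) {
    if (!row || !Array.isArray(row.cells) || row.cells.length > MAX_CELLS) return "bad cell list";
    for (const cell of row.cells) {
      if (!cell || typeof cell !== "object") return "bad cell";
      if ("formula" in cell) return "formulas are not accepted";  // policy assumption
      const v = cell.value;
      const ok = v == null || typeof v === "boolean" ||
        (typeof v === "number" && Number.isFinite(v)) ||
        (typeof v === "string" && v.length <= MAX_TEXT);
      if (!ok) return "bad cell value";
    }
  }
  return null;
}

// Every check runs on the server; nothing sent by the browser is trusted.
function handleSave(req, persist) {
  const session = sessionFromCookie(req.headers.cookie);
  if (!session) return { status: 401, error: "not signed in" };
  if (req.headers["x-csrf-token"] !== session.csrf) return { status: 403, error: "bad CSRF token" };
  if (!session.perms.includes("sheet:write")) return { status: 403, error: "not allowed" };
  let wb;
  try { wb = JSON.parse(req.body); } catch { return { status: 400, error: "invalid JSON" }; }
  const problem = validateWorkbook(wb);
  if (problem) return { status: 400, error: problem };
  persist(session.user, wb.sheets[0].rows);  // a real store would use parameterised queries
  return { status: 204 };
}
```

`persist` stands in for the application's own data layer; the handler only decides whether a request may reach it.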
