Add SECURITY.md
parent
b3aa215f99
commit
a86d275099
1 changed files with 19 additions and 0 deletions
19
SECURITY.md
Normal file
|
@ -0,0 +1,19 @@
|
|||
# Security Policy
|
||||
|
||||
I am not responsible. Use it at own risk.
|
||||
|
||||
## Vulnerability Definition
|
||||
|
||||
Please be aware that this script is intended to be run by administrators,
|
||||
who already generally already have privileged access to the machines on
|
||||
which the script is running. Therefore, an example vulnerability that
|
||||
uses an unusual set of characters in a password (see #20) to make the
|
||||
script not run or to return bizarre results is not considered a meaningful
|
||||
vulnerability, since the administrator presumably wouldn't use such a
|
||||
password in the first place.
|
||||
|
||||
Conversely, however, an example vulnerability that allowed someone with
|
||||
`Create_priv` to create a schema with a special name that triggers arbitrary
|
||||
code execution in the context of the user running this script when the script
|
||||
is invoked is clearly a vulnerability, and will be addressed with the utmost
|
||||
urgency.
|
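Review bot: the policy defines what counts as a vulnerability but never says how to report one. The last paragraph promises that a `Create_priv` schema-name code-execution issue "will be addressed with the utmost urgency", yet none of the 19 added lines gives a contact address or a private reporting route, so a reporter has to guess whether to open a public issue or reach the maintainer some other way. Suggest adding a short reporting section that names a private contact and says what response to expect. Two wording nits in the same file: "who already generally already have privileged access" repeats "already", and "Use it at own risk." is missing "your".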