\item In the \textbf{privacy violation} category, Fortify found errors and warnings printed back to the browser, and labelled it \textbf{critical}. However, this happens in the installer script, which we have decided to treat separately, as explained earlier.
\item \textbf{\SQL{} injection} attacks are possible on the installer script, labelled \textbf{critical}. Yet again: the installer script.
\item \textbf{Cookie security}: the \code{HttpOnly} header is not set, labelled \textbf{high}.
- \item \textbf{Privacy violation}: \HTML{} forms don't disable autocompletion. Labelled \textbf{high}. However, autocompletion of \HTML{} forms by means of the \code{autocompletion="none"} attribute notoriously doesn't really work. The larger problem is that the post/redirect/get pattern is not followed, as stated above at our analysis of OWASP requirement (9.1).
+ \item \textbf{Privacy violation}: \HTML{} forms do not disable autocompletion. Labelled \textbf{high}. However, autocompletion of \HTML{} forms by means of the \code{autocompletion="none"} attribute notoriously does not really work. The larger problem is that the post/redirect/get pattern is not followed, as stated above at our analysis of OWASP requirement (9.1).
\item Fortify complains that \PHP{}'s \code{crypt(...)} function is \textbf{weak encryption} and labels the 5 usages \textbf{high}.
\end{enumerate}
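Review bot: the rewritten privacy-violation item still names the attribute as \code{autocompletion="none"}, which is not an HTML attribute; the standard form is autocomplete="off". Since the line is being touched anyway, correct the name so that the remark that it "does not really work" refers to the real mechanism. In the same line, "as stated above at our analysis" would read better as "in our analysis". In the neighbouring cookie item, HttpOnly is an attribute of the Set-Cookie header rather than a header of its own; that item is unchanged context here, but it is worth fixing in the same pass.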
\midrule
% V2 V3 V4 V5 V7 V8 V9 V11
1 & \X & \p & \p & \p & - & \X & \F{B}\X & \X \\
- 2 & \F{B}\p & \p & - & - & \p & \p & - & \p \\
+ 2 & \F{B}\X & \p & - & - & \p & \p & - & \p \\
3 & - & \X & - & \X & - & \X & \p & - \\
- 4 & \p & - & \p & - & - & \X & \X & \X \\
- 5 & - & \p & \p & \p & - & \p & \p & \p \\
+ 4 & \p & - & \X & - & - & \X & \X & \X \\
+ 5 & - & \p & \X & \p & - & \p & \p & \p \\
6 & \X & \p & - & - & \X & \p & - & \X \\
- 7 & \p & \X & - & - & \p & \p & \p & \X \\
+ 7 & \p & \X & - & - & \X & \p & \p & \X \\
8 & \p & - & \p & - & - & - & - & \X \\
- 9 & \X & \p & \X & - & \p & - & \p & - \\
-10 & - & \X & \p & \X & - & \X & \p & - \\
+ 9 & \X & - & \X & - & \X & - & \p & - \\
+10 & - & - & \X & \X & - & \X & \X & - \\
11 & - & \p & - & \p & - & - & \p & - \\
12 & \X & \X & \X & \p & \X & - & - & - \\
-13 & \X & \X & \F{A}\X & \p & \X & \X & - & - \\
+13 & \X & - & \F{A}\X & \p & \X & \X & - & - \\
14 & - & - & \X & \p & \p & - & - & - \\
15 & - & - & \X & \X & - & - & - & - \\
-16 & \X & - & \X & \p & - & - & - & - \\
-17 & \p & - & - & \p & - & - & - & - \\
-18 & \X & - & - & \X & - & - & - & - \\
+16 & \X & \p & \X & \p & - & - & - & - \\
+17 & \p & \X & - & \p & - & - & - & - \\
+18 & \X & \X & - & \X & - & - & - & - \\
19 & \p & - & - & \X & - & - & - & - \\
20 & \X & - & - & \p & - & - & - & - \\
21 & \X & - & - & \p & - & - & - & - \\
22 & \p & - & - & \X & - & - & - & - \\
-23 & - & - & - & \X & - & - & - & - \\
-24 & - & - & - & \p & - & - & - & - \\
+23 & \X & - & - & \X & - & - & - & - \\
+24 & \p & - & - & \p & - & - & - & - \\
25 & \X & - & - & \p & - & - & - & - \\
-26 & - & - & - & \p & - & - & - & - \\
+26 & \p & - & - & \p & - & - & - & - \\
27 & \X & - & - & - & - & - & - & - \\
-28 & \X & - & - & - & - & - & - & - \\
-29 & \X & - & - & - & - & - & - & - \\
-30 & - & - & - & - & - & - & - & - \\
-31 & - & - & - & - & - & - & - & - \\
+28 & - & - & - & - & - & - & - & - \\
+29 & - & - & - & - & - & - & - & - \\
+30 & - & - & - & - & - & - & - & - \\
+31 & \X & - & - & - & - & - & - & - \\
32 & \X & - & - & - & - & - & - & - \\
33 & \p & - & - & - & - & - & - & - \\
\bottomrule
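Review bot: the table has no legend for \X, \p and -, and this hunk moves many cells between all three, so a reader cannot tell a changed verdict from a changed scope. For example, V3 rows 9, 10 and 13 go from \p or \X to -, V3 rows 16 to 18 go from - to a verdict, and V2 rows 28 to 30 go from \X to - while row 31 goes from - to \X. Add a caption line or a comment next to the % V2 V3 ... header saying what each symbol means, and in particular whether - is "not applicable" or "not assessed". In row 2, the V2 cell changes from \F{B}\p to \F{B}\X with the footnote marker kept, and no footnote text is touched in the visible lines; check that footnote B still matches the new verdict. Several V2 rows change in a block (23, 24, 26, 28 to 31), which can be the sign of a row-alignment slip, so confirm each against the per-requirement analysis.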