I think, we should audit ASSP for security gaps. I will examine the code closer in the next days - but on the first glance, I could only find this read commands, which are not evaluated - and which would not lead to any security breach, if the open fails... But I will have a closer look at it.
So I am also intrested in the Server code to create the griplist. Unfortunatly this source seems not to be open. Maybe we have to introduce a username/password for uploading griplist data. - With only a sinnge account for any domain and a captcha to retrieve the password. Matti - Matti Haack - Hit Haack IT Service Gmbh Poltlbauer Weg 4, D-94036 Passau +49 851 50477-22 Fax: +49 851 50477-29 http://www.haack-it.de Registergericht Passau HRB 5678 USt. ID: DE195625715 Besuchen Sie jetzt unseren neuen INTERNET&NETWORK Security Shop mit faszinierenden Angeboten rund um Ihre Netzwerk- Sicherheit: http://www.inn.de -- Ausgehende E-Mail wurde auf Viren gescannt -- ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
