On Thu, 31 Jan 2002, Darrell May wrote:
> Glad you agree. Here is a ready-to-go-today solution. As I suspected,
> since we already had the code built and in use in our user-manager contrib,
> this was very easy to edit into a server-manager navigation panel. When you
> peak under the hood you will see this required only two files and one link
> to complete.
>
> http://myezserver.com/docs/mitel/servermanager-nav-howto.html
A big word of warning here. The management panels have not been
comprehensively security audited. While only "admin" has access to a
panel, it doesn't matter much if the code has an exploitable error - the
user already has full administrative access to the server. But if you open
that same panel to all users - well, it better not have a flaw that allows
arbitrary code to be executed if the form is filled in with malicious
intend.
Proceed with due caution.
--
Charlie Brady [EMAIL PROTECTED]
Lead Product Developer
Network Server Solutions Group http://www.e-smith.com/
Mitel Networks Corporation http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000 Fax: +1 (613) 564 7739
--
Please report bugs to [EMAIL PROTECTED]
Please mail [EMAIL PROTECTED] (only) to discuss security issues
Support for registered customers and partners to [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
