On Thursday, Nov 21, 2002, at 02:51 Europe/London, Rob Nagler wrote:

> > Probably the Apache server. Once broken through the Apache server, the
> > cracker would have to figure out that it is indeed a POE server on the
> > other end, and then to figure out an exploit by just trying as many
> > things as they can. i.e. they'd have to do a lot of extra work rather than
> > utilizing a public knowledge exploit someone else discovered.
>
> All public knowledge exploits of Apache are fixed within days if not
> hours.  It's the private ones I worry about.  There have to be more
> of these in POE than Apache.  The more eyes, the fewer the defects.

As someone who has worked on POE, and has a *great* deal of respect for Rocco, I would really like to see that backed up. I haven't seen any exploits in POE during my 2 years of using it, neither private nor public. Got any example exploits, or any CVS changes that fixed an exploit? (that's all public data)