Pierre-Julien Grizel wrote:
Hum... A possible way to solve this problem is to practice the "you
can't do ANYTHING but..." policy... And, thus, according proxy roles to
the methods that must access it, such as index_html.
I know it's constraining but with a little work we can end up with
Chris Withers wrote:
Andrew Kenneth Milton wrote:
|
| http://www.zope.org/standard_html_header for example ;-)
Not that old chestnut again...
Yes, that old chestnut again. If it's considered a serious security flaw
by Microsoft, maybe the Zope community should finally do
On Fri, 20 Oct 2000, Chris Withers wrote:
Andrew Kenneth Milton wrote:
| http://www.zope.org/standard_html_header for example ;-)
Not that old chestnut again...
Yes, that old chestnut again. If it's considered a serious security flaw
by Microsoft, maybe the Zope community should finally
MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
by Dave Murphy, [EMAIL PROTECTED]
Microsoft is scrambling to repair damage caused by a
security hole in its IIS 4 & 5 webserver that runs on
Windows NT/2000. Microsoft claims over four million
IIS websites, and each one of them is at risk of
+---[ Chris Withers ]--
| MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
| by Dave Murphy, [EMAIL PROTECTED]
|
| Microsoft is scrambling to repair damage caused by a
| security hole in its IIS 4 & 5 webserver that runs on
| Windows NT/2000. Microsoft claims over four
Hum... A possible way to solve this problem is to practice the "you
can't do ANYTHING but..." policy... And, thus, according proxy roles to
the methods that must access it, such as index_html.
I know it's constraining but with a little work we can end up with
something quite secure secret.
As I already suggested ages ;) ago (and still didn't put into
practice) it would here again be best to deny everything that isn't
explicitly allowed (e.g. allow whatever ends with _html or .html and
deny everything else) but then I would have to go over the whole
website and make bazillions