Thank you David.
I didn't know the existence of this Atlassian product :) ahah
I was browsing through ViewVC, even if it was not so comfortable...
Thanks a lot. I will keep you informed.
Michele Orrù
David E Jones-3 wrote:
>
>
> On Feb 20, 2009, at 8:37 AM, euronymous wrote:
>
David E Jones-3 wrote:
>
>
>
> I'll try to look at that in the next day or two. It is probably a
> place that doesn't use the common tools and so gets around these
> somehow...
>
>
David
I'm asking you a favour :)
I'm analyzing all about your ESAPI/AntiSamy implementation.
Let me und
David E Jones-3 wrote:
>
>
> 2. security vulnerability tests: now we want to hit the public facing
> (ecommerce, cmssite, etc) apps and the back-end apps to check as many
> vulnerabilities as we can
>
>
In reply to your find-bug-campaign:
https://issues.apache.org/jira/browse/OFBIZ-195
jacques.le.roux wrote:
>
>
> It seems that's Michele (euronymous) saying < (without actually eliminating it) restricting the attack window
> time>> has a point there.
> We may lean on his specific (hobby, best ones, with deep motivation ;o)
> knowledge and
um levels is definitely needed, and maybe an
urgent TO-DO.
As I wrote here (I'm nickname: euronymous):
http://sla.ckers.org/forum/read.php?3,25331,25334#msg-25334 there are a lot
of production websites created with Ofbiz that are vulnerable to every
attack I described in the jira issue: i
Hi list
we were looking around possibilities to remove the Control Servlet from a
customized application, in a way that the frontend will not contain in the
URL /control/.
Is there a way to do that directly in the application web.xml descriptor?
That's just a strange request of one of our custom