On 2012-03-07, at 07:53 , Peter Murphy wrote:
>
>
> On Mar 7, 10:13 am, Donald Stufft wrote:
>>
>> For what it's worth in the context of the Homakov exploit, this has been a
>> well known vulnerability by the rails core for years
>> that they've basically said "not
On Mar 7, 10:13 am, Donald Stufft wrote:
>
> For what it's worth in the context of the Homakov exploit, this has been a
> well known vulnerability by the rails core for years
> that they've basically said "not our problem, configure your app better" the
> entire time.
On Tuesday, March 6, 2012 at 7:11 PM, Russell Keith-Magee wrote:
>
> On 07/03/2012, at 7:55 AM, Joey Espinosa wrote:
>
> > I agree with you on some of your points. Security can be improved if people
> > would email the support team INSTEAD OF filing a bug report (this goes for
> > any
On 07/03/2012, at 7:55 AM, Joey Espinosa wrote:
> I agree with you on some of your points. Security can be improved if people
> would email the support team INSTEAD OF filing a bug report (this goes for
> any project), so that the teams know about security bugs before anybody else
> finds
I agree with you on some of your points. Security can be improved if people
would email the support team INSTEAD OF filing a bug report (this goes for
any project), so that the teams know about security bugs before anybody
else finds them.
However, if there's a default setting or commonly set
On 06/03/2012, at 8:31 PM, Joey Espinosa wrote:
> In light of all the recent talk about Egor Homakov's commandeering of GitHub
> by exploiting a default Rails setting, are there any such "gotcha" security
> defaults or common settings/conventions in Django you can think of that could
> cause