Pierre-Julien Grizel wrote:
>
> Hum... A possible way to solve this problem is to practice the "you
> can't do ANYTHING but..." policy... And, thus, according proxy roles to
> the methods that must access it, such as index_html.
> I know it's constraining but with a little work we can end up with
On Fri, 20 Oct 2000, Chris Withers wrote:
> Andrew Kenneth Milton wrote:
> > | http://www.zope.org/standard_html_header for example ;-)
> >
> > Not that old chestnut again...
>
> Yes, that old chestnut again. If it's considered a serious security flaw
> by Microsoft, maybe the Zope community shoul
Chris Withers wrote:
>
> Andrew Kenneth Milton wrote:
> >
> > |
> > | http://www.zope.org/standard_html_header for example ;-)
> >
> > Not that old chestnut again...
>
> Yes, that old chestnut again. If it's considered a serious security flaw
> by Microsoft, maybe the Zope community should final
As I already suggested ages ;) ago (and still didn't put into
practice) it would here again be best to deny everything that isn't
explicitly allowed (e.g. allow whatever ends with _html or .html and
deny everything else) but then I would have to go over the whole
website and make bazillions of
Hum... A possible way to solve this problem is to practice the "you
can't do ANYTHING but..." policy... And, thus, according proxy roles to
the methods that must access it, such as index_html.
I know it's constraining but with a little work we can end up with
something quite secure & secret.
Andrew Kenneth Milton wrote:
>
> |
> | http://www.zope.org/standard_html_header for example ;-)
>
> Not that old chestnut again...
Yes, that old chestnut again. If it's considered a serious security flaw
by Microsoft, maybe the Zope community should finally do something to
solve it.
...and yes
+---[ Chris Withers ]--
| > MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
| > by Dave Murphy, [EMAIL PROTECTED]
| >
| > Microsoft is scrambling to repair damage caused by a
| > security hole in its IIS 4 & 5 webserver that runs on
| > Windows NT/2000. Microsoft claims over
> MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
> by Dave Murphy, [EMAIL PROTECTED]
>
> Microsoft is scrambling to repair damage caused by a
> security hole in its IIS 4 & 5 webserver that runs on
> Windows NT/2000. Microsoft claims over four million
> IIS websites, and each one of them is at ris