#2171: Possible security problem with quickstart/controllers/error.py
----------------------------------+-----------------------------------------
Reporter: aigarius | Owner: Chris Arndt
Type: defect | Status: new
Priority: normal | Milestone: 2.0b5
Component: Quickstart Templates | Version: trunk
Severity: major | Keywords:
----------------------------------+-----------------------------------------
_serve_file is exposed by default and it could be tricked into serving
files that the webmaster did not intent to be publicly accessible. It
works perfectly fine without the @expose.
--
Ticket URL: <http://trac.turbogears.org/ticket/2171>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "TurboGears Tickets" group.
This group is read-only. No posting by normal members allowed.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets?hl=en?hl=en
-~----------~----~----~----~------~----~------~--~---
