Andres,

>>> * I also see that in a multi-user environment user A running a w3af
>>> scan would be exposing to all the other users which targets he's
>>> scanning
>>
>> Agree, but in any case we need to change mode for w3af's temp dir to
>> drwx------. It will fix this issue.
>
> Ok, can you do this?

Yep

>>> * /tmp/ directory usually has a disk partition quota, which might be
>>> filled very quickly
>>
>> Agree, so I suggest changing TEMP_DIR e.g. to ~/.w3af/tmp
>
> Currently the whole thing is stored in
> ~/.w3af/sessions/db_defaultSession-<date>_traces/ , and you want to
> move it to ~/.w3af/tmp , correct? This has the intention of removing
> the ~/.w3af/tmp directory when the process finishes, correct? What if
> there are two different processes running? Would one remove the data
> from the second one? (damn I'm soooooo annoying!)

Sorry, I meant ~/.w3af/tmp/PID/ and only PID dir will be removed of course.

>>>> By the way do we need gtkOutput plugin now? Currently only Queue
>>>> functionality is in it.
>>>
>>>
>>> Could you please refresh my mind regarding the self.queue
>>> attribute? Where/When is it used?
>>
>> Goood question! I also don't remember when is it used :)
>> And simple grep didn't make any results.
>
> If you want to remove the plugin, which I wouldn't think is a bad
> idea, please do the proper analysis to see where and how it is used.

OK!

--
Taras
http://oxdef.info

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
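
The layout agreed on in the message above (a drwx------ directory per process under ~/.w3af/tmp/PID/, with only that PID directory removed on exit), as an added example that is not part of the original email or of w3af's code. The function names and the PIDs 1111 and 2222 are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile


def create_private_tmp(base_dir, pid=None):
    """Create base_dir/<pid>/ as drwx------ and return its path."""
    pid = os.getpid() if pid is None else pid
    os.makedirs(base_dir, mode=0o700, exist_ok=True)
    path = os.path.join(base_dir, str(pid))
    if os.path.islink(path):
        raise RuntimeError("refusing to use symlinked temp dir: %s" % path)
    if os.path.isdir(path):
        # Left behind by a crashed process whose PID was later reused.
        shutil.rmtree(path)
    os.mkdir(path, 0o700)
    # mkdir's mode is filtered by the umask; chmod makes it exact.
    os.chmod(path, 0o700)
    return path


def is_private(path):
    """True if path is a real directory, owned by us, with no group/other bits."""
    st = os.lstat(path)
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)


def remove_private_tmp(base_dir, pid=None):
    """Remove only this process's directory; sibling PID dirs stay untouched."""
    pid = os.getpid() if pid is None else pid
    shutil.rmtree(os.path.join(base_dir, str(pid)), ignore_errors=True)


def demo():
    """Two simulated processes (constructed PIDs) sharing one base dir."""
    base = os.path.join(tempfile.mkdtemp(), ".w3af", "tmp")
    a = create_private_tmp(base, pid=1111)
    b = create_private_tmp(base, pid=2222)
    open(os.path.join(b, "trace"), "w").close()
    modes = (stat.S_IMODE(os.lstat(a).st_mode), is_private(b))
    remove_private_tmp(base, pid=1111)   # process 1111 finishes first
    survived = os.path.exists(os.path.join(b, "trace"))
    return modes, os.path.exists(a), survived
```
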