Re: [htdig3-dev] problems with latest input parameters to htsearch


Benjamin Smedberg (41smedberg@itas07.cpit.cua.edu)
Fri, 25 Jun 1999 13:15:27 -0400


> Hi, Geoff and company. I'm a bit concerned about the latest input parameters
> added to htsearch:
>
> * htsearch/htsearch.cc (main): Add support for form inputs
> configdir and commondir as contributed by Herbert Martin Dietze
> <herbert@fh-wedel.de>.
>
> * htsearch/Display.cc (createURL): If configdir and commondir are
> defined, add them to URLs sent for other pages.

I agree. These are serious security holes. What is accomplished by these
parameters can just as easily be accomplished by the allow_in_form parameter
and symbolic links in the conf directory.

+============================================
+ Benjamin Smedberg
+ CUA Asst. Webmaster
+ 41smedberg@cua.edu
+============================================
+ http://www.acad.cua.edu/cpit/as/bds/
+ How to make God laugh: tell Him YOUR plans!
+============================================




This archive was generated by hypermail 2.0b3 on Fri Jun 25 1999 - 09:28:02 PDT