Benjamin Smedberg (firstname.lastname@example.org)
Fri, 25 Jun 1999 13:15:27 -0400
> Hi, Geoff and company. I'm a bit concerned about the latest input
> added to htsearch:
> * htsearch/htsearch.cc (main): Add support for form inputs
> configdir and commondir as contributed by Herbert Martin Dietze
> * htsearch/Display.cc (createURL): If configdir and commondir are
> defined, add them to URLs sent for other pages.
I agree. These are serious security holes. What is accomplished by these
parameters can just as easily be accomplished by the allow_in_form parameter
and symbolic links in the conf directory.
+ Benjamin Smedberg
+ CUA Asst. Webmaster
+ How to make God laugh: tell Him YOUR plans!
To unsubscribe from the htdig3-dev mailing list, send a message to
email@example.com containing the single word "unsubscribe" in
the SUBJECT of the message.
This archive was generated by hypermail 2.0b3 on Fri Jun 25 1999 - 09:28:02 PDT