[htdig] any suggestions for using 3.1.5 or 3.2.0b2?

Subject: [htdig] any suggestions for using 3.1.5 or 3.2.0b2?
From: Edward Lu (ELu@fortpoint.com)
Date: Fri Jan 12 2001 - 14:56:28 PST

According to the release note for htdig-3.2.0b2, it added more functionality
and fixed all known bugs after 3.1.5.
But apparently it still has the relevance ($(PERCENT)) bug and is not stable.
I am asking for any suggestions about which version (3.1.5 or 3.2.0b2)
should be used for our company web site.
Any experience with the advantages and disadvantages of both versions?

Any suggestions will be greatly appreciated.


-----Original Message-----
From: Gilles Detillieux [mailto:grdetil@scrc.umanitoba.ca]
Sent: Friday, January 12, 2001 2:45 PM
To: ELu@fortpoint.com
Cc: htdig@htdig.org
Subject: Re: [htdig] security hole (was: how to set the $(PERCENT)? -it always show 1%)

According to Edward Lu:
> Geoff,
> What is the security hole in version 3.1.5?
> It sounds scary.

The security hole is in versions BEFORE 3.1.5, and is fixed in 3.1.5. It
allowed a user to snoop through any file on your web server's file system,
as long as it was readable by the user ID under which the web server process
runs, just by passing it a special query string in the htsearch URL.

Gilles R. Detillieux              E-mail: <grdetil@scrc.umanitoba.ca>
Spinal Cord Research Centre       WWW:
Dept. Physiology, U. of Manitoba  Phone:  (204)789-3766
Winnipeg, MB  R3E 3J7  (Canada)   Fax:    (204)789-3930


This archive was generated by hypermail 2b28 : Fri Jan 12 2001 - 15:21:00 PST