* Andy McKay <andym@ActiveState.com> [010924 01:11]:
Haven't we been complaining about this automatic appending of tracebacks for a while? To me this is what log files are for.... but Im not sure what this guy is on. I wouldnt count this as a "security vulnerability".
It's not an exploitable vulnerability (which is the only sort of vulnerability in my book ;) but it's as ugly as a warthog, and it would be nice to arrange things more gracefully. seb
----- Original Message ----- From: "Chris Withers" <chrisw@nipltd.com> To: "Paul Everitt" <paul@zope.com>; "ALife" <buginfo@inbox.ru> Cc: <Zope-Dev@zope.org> Sent: Sunday, September 23, 2001 10:44 AM Subject: Re: [Zope-dev] Vulnerability in Zope
Do others consider this a vulnerability?
Yup... especially given the hard-coded (sigh) error page returned for authentication error gives out this information :-(
Chris