11 Jul
2002
11 Jul
'02
2:42 p.m.
seb bacon wrote:
Shane Hathaway wrote:
seb bacon wrote:
Production sites running a stock Zope are vulnerable to abuse of their server if they have not removed the 'Examples' folder. For example, anyone could use http://notcarefulenough.com/Examples/FileLibrary as a warez repository.
Are you sure? I get an "Unauthorized" error (but not until I actually try to upload).
Shane
I'm sure, I've tried it on a few sites.
Hmm, it would appear that the "Add Documents, Images, and Files" permission is enabled for anonymous. It shouldn't be, obviously. Shane