3 Dec 2002, 8:24 a.m.
Hi,

probably the HelpSys object shouldn't be available by default to non-authenticated users, because it gives too much information on the currently installed products.

Access any Zope site this way:

http://your.zope.site/HelpSys

and you'll learn what products are available on the server.

This can't lead to a direct compromise, but this gives way too much information to anonymous users IMHO.

Tested today on several low and very high profile sites.

bye,

Jerome Alet
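A defender-side check for the exposure described above, as an added example that is not part of the original post: it requests `/HelpSys` without credentials on a site you operate and classifies the response. The function name `check_helpsys`, its result labels and the local stand-in server are assumptions made for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def check_helpsys(base_url, timeout=5):
    """Request /HelpSys anonymously and classify the answer (labels are hypothetical)."""
    url = base_url.rstrip("/") + "/HelpSys"
    # Direct connection with no credentials and no proxy from the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            status, final = resp.status, resp.geturl()
    except urllib.error.HTTPError as err:
        status, final = err.code, url
    except (urllib.error.URLError, OSError):
        return "unreachable"
    if final != url:
        return "redirected"  # e.g. sent to a login page; review by hand
    if status == 200:
        return "exposed"     # anonymous users can read the help system
    if status in (401, 403):
        return "protected"   # authentication or authorization is enforced
    return "other (%d)" % status


def _fake_site(status):
    """Constructed stand-in for a site: answers /HelpSys with `status`, else 404."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status if self.path == "/HelpSys" else 404)
            self.end_headers()
            self.wfile.write(b"constructed response\n")

        def log_message(self, *args):  # keep the demo output quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return "http://127.0.0.1:%d" % server.server_port


if __name__ == "__main__":
    # Constructed local servers stand in for real hosts so this runs offline.
    for code in (200, 401):
        print(code, check_helpsys(_fake_site(code)))
```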