28 Dec
2001
28 Dec
'01
5:09 a.m.
At Fri, 28 Dec 2001 00:14:21 -0500, Chris McDonough wrote:
At the time, I hadn't received any feedback (however, I'm not blaming anyone). I also never posted this to the collector before. Should one of us post this?
It would be appreciated, Joseph.
ok ... I can post this afternoon.
Just to be safe ... You shouldn't use this entire patch unless your server is behind apache or a proxy server and best if protected by a firewall. It could open a potential security leak if you use the "domains" field for authentication and the zope server is not protected by apache.
Is the issue that the X-Forwarded-For header controls the domain setting?
yes ... everyone should probably not use this patch right-out-of-the-box. - j