Re: [Zope] security

15 Jun 2001


      the www.yoursite.com was meant to be so that i didnt advertise
my site with a huge security hole in it.

is an alias for my site and wasn't meant to be taken literally

barry
...
From: Jason Byron <jason_zope@yahoo.com>
To: barry haycock <bhaycock@hotmail.com>
CC: zope@zope.org
Subject: Re: [Zope] security
Date: Fri, 15 Jun 2001 00:10:49 -0700 (PDT)
MIME-Version: 1.0
Received: from [216.115.105.156] by hotmail.com (3.2) with ESMTP id 
MHotMailBCF2FFF9006940043256D873699C0A530; Fri Jun 15 00:10:49 2001
Received: from [64.160.203.91] by web4601.mail.yahoo.com; Fri, 15 Jun 2001 
00:10:49 PDT
From jason_zope@yahoo.com Fri Jun 15 00:12:06 2001
Message-ID: <20010615071049.883.qmail@web4601.mail.yahoo.com>
In-Reply-To: <F44wY0VnkB4ltFlmmlQ00001650@hotmail.com>
I get:
HTTP/1.0 404 Object Not Found
p.s. try not to send html to the list
--- barry haycock <bhaycock@hotmail.com> wrote:
<HR>
<html><DIV>Can anyone help me with this security issue regarding
ZOPE</DIV>
<DIV> </DIV>
<DIV>If you go to <A
href="http://www.yoursite.com/manage_workspace">www.yoursite.com/manage_workspace</A></DIV>
<DIV> </DIV>
<DIV>you can access the manage screens of zope</DIV>
<DIV> </DIV>
<DIV>THIS IS NOT GOOD</DIV>
<DIV> </DIV>
<DIV>how can you overcome this</DIV>
<DIV> </DIV>
<DIV>I am using solaris v8 with apache as the web server talking
to another solaris box with zope 2-3-0</DIV>
<DIV> </DIV>
<DIV>I have just found a way to edit the source code so that it
emails me with the user name and password whenever the next
person logs in.  I can also edit any source code within the
site.</DIV>
<DIV> </DIV>
<DIV>REQUIRE QUICK RESPONSE</DIV><br clear=all><hr>Get Your
Private, Free E-mail from MSN Hotmail at <a
href="http://www.hotmail.com">http://www.hotmail.com</a>.<br></p></html>
_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )
__________________________________________________
Do You Yahoo!?
Spot the hottest trends in music, movies, and more.
http://buzz.yahoo.com/
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.