11 Mar
2001
11 Mar
'01
12:25 p.m.
Hello! Our system/network admins scanned our local network and found on my computer strange proxy :)
telnet localhost 8080 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET http://www.zope.org/ HTTP/1.0 Host: localhost
Then Zope returned root page of localhost, not www.zope.org, so it is not security hole, but anyway I think ZServer should not accept server name in he request. Instead an error (perhaps HTTP error 400) should be returned. Should I report this to Collector? Oleg. ---- Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru Programmers don't die, they just GOSUB without RETURN.