Malicious HTML in (Squishdot) postings
Hi all,

CERT has issued a security advisory regarding improperly checked output from dynamic pages. The CERT advisory can be found at: http://www.cert.org/advisories/CA-2000-02.html.

Unfortunately, Squishdot is vulnerable to such problems. However, I (and others in the Zope community) am trying to find a permanent solution to this. Of course, your help is also welcome (code patches accepted :^))

While each site (e.g. depending on the audience, accessibility, amount of traffic) is vulnerable in varying degrees to these types of problems, I would urge each administrator to evaluate their own security policies regarding these problems and take steps appropriate for their own circumstances.

In the meantime -- temporarily -- the best way to deal with the problem is to turn moderation on for everything, and then properly check each posting manually.

Regards,
Butch

=====
Butch Landingin
Squishdot maintainer
http://squishdot.org
squishdot@yahoo.com