[Zope-dev] Security hole in CookieCrumbler

Shane Hathaway shane@digicool.com
Tue, 30 Jan 2001 09:55:06 -0500 (EST)


Hi folks,

It turns out that the released versions of the CookieCrumbler product have
a terrible security hole.  I recommend you uninstall it immediately.

I'm not going to be able to deal with the problem fully today, but if
you're interested in getting a solution right away you can grab today's
PTK from CVS which contains a version of CookieCrumbler without the hole.

Thanks to Phil Harris for finding the problem.

Shane