[Zope-dev] Vulnerability in Zope

Andy McKay andym@ActiveState.com
Sun, 23 Sep 2001 17:00:17 -0700


Haven't we been complaining about this automatic appending of tracebacks for
a while? To me this is what log files are for.... but Im not sure what this
guy is on. I wouldnt count this as a "security vulnerability".

----- Original Message -----
From: "Chris Withers" <chrisw@nipltd.com>
To: "Paul Everitt" <paul@zope.com>; "ALife" <buginfo@inbox.ru>
Cc: <Zope-Dev@zope.org>
Sent: Sunday, September 23, 2001 10:44 AM
Subject: Re: [Zope-dev] Vulnerability in Zope


> > Do others consider this a vulnerability?
>
> Yup... especially given the hard-coded (sigh) error page returned for
> authentication error gives out this information :-(
>
> Chris
>
>
>
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )
>