[Zope-dev] Vulnerability: attacking can get file list and directory
Casey Duncan
c.duncan@nlada.org
Mon, 24 Sep 2001 12:37:30 -0400
On Monday 24 September 2001 10:59 am, Shane Hathaway allegedly wrote:
[snip]
> PDV just yields information you might give out anyway. But maybe we
> could deal with it anyway by writing an "error.log" instead of sending
> the traceback to the browser. What do you think?
>
> Shane
>
My suggestion would be to hide it for all users except Managers by default.
So that you aren't hosed if you don't have access to the server log files...
/---------------------------------------------------\
Casey Duncan, Sr. Web Developer
National Legal Aid and Defender Association
c.duncan@nlada.org
\---------------------------------------------------/