[Zope-dev] weak examples, weak exploits
Casey Duncan
casey@zope.com
Mon, 23 Jun 2003 10:33:42 -0400
I would be in favor of making the Examples "opt-in" like the Zope tutorial. It
seems silly to have it in every ZODB by default. Make people add it if they
want it.
-Casey
On Monday 23 June 2003 05:12 am, Jamie Heilman wrote:
> seb bacon wrote:
> > No. Just go ahead and make the changes. It would be instructive for
> > others reading the examples to add a comment or two explaining the
> > rationale behind the extra checking code.
>
> 'k I can do that
>
> > The file upload vulnerability was fixed in version 1.3 of Examples.zexp,
> > though. The reason it's still turning up in 2.6.x versions is probably
> > due to upgrades. Therefore I suppose additionally there should be a
> > patch which examines the ZODB on startup and prints a warning if an old
> > Examples folder is present.
>
> You know, ironically, I don't think this "advisory" even covers that hole.
> There's obvious DoS potential in the guest book and such, but that's
> easily limited without degrading the value of the example. Anyway,
> I'll scrape over the examples and see what I can clean up.
>=20
> --
> Jamie Heilman http://audible.transient.net/~jamie/
> "Most people wouldn't know music if it came up and bit them on the ass."
> -Frank Zappa
>
> _______________________________________________
> Zope-Dev maillist - Zope-Dev@zope.org
> http://mail.zope.org/mailman/listinfo/zope-dev
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope )