[Zope] security
Chris McDonough
chrism@digicool.com
Fri, 15 Jun 2001 05:50:15 -0400

Barry,

If you believe that this is a real problem, can you provide a
step-by-step exploit via the Collector
(http://classic.zope.org:8080/Collector)? There's a way to mark a
Collector issue as "security-related", which means no one but DC folks
can see the issue until we've found that it's not a problem or that
we've got a fix.

Many thanks,
- C

barry haycock wrote:
>
> Can anyone help me with this security issue regarding Zope?
>
> If you go to www.yoursite.com/manage_workspace
>
> you can access the manage screens of Zope.
>
> THIS IS NOT GOOD
>
> How can you overcome this?
>
> I am using Solaris v8 with Apache as the web server talking to another
> Solaris box with Zope 2-3-0.
>
> I have just found a way to edit the source code so that it emails me
> with the user name and password whenever the next person logs in. I
> can also edit any source code within the site.
>
> REQUIRE QUICK RESPONSE
>