[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Cobalt wishlist

Subject: Re: [cobalt-users] Cobalt wishlist
From: Paul Schreiber <cheesefactory@xxxxxxxxx>
Date: Wed Apr 5 13:10:07 2000

--- Chris Adams <cmadams@xxxxxxxxxx> wrote:
> > You *are* aware that any site web can turn CGI and SSI back on at will
> > when they are turned off in the GUI by default...? (bu simply adding
> handlers
> > in .htaccess, unless you intentionally make it non readable to the user)
> 
> There is a security hole here too (I reported it over a month ago and
> they said they are working on a fix, but they haven't released one yet).
> 
> Part of the problem is that the wonderful FrontPage extensions require
> "AllowOverride All" in the web config file.

Report it to bugtraq. That'll get it fixed -real- fast. :-)

www.security-focus.com

Paul

__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

Follow-Ups:
- Re: [cobalt-users] Cobalt wishlist
  - From: Chris Adams
- RE: [cobalt-users] Cobalt wishlist
  - From: Tony
- Re: [cobalt-users] Cobalt wishlist
  - From: Will DeHaan

Prev by Date: Re: [cobalt-users] Todays giggle
Next by Date: Re: [cobalt-users] Raq 2 & Raq 3 Filtered Login Security
Previous by thread: RE: [cobalt-users] Cobalt wishlist
Next by thread: Re: [cobalt-users] Cobalt wishlist

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index