On Wed, 6 Oct 1999, Georg Horn wrote:
> Yupp, but what if these people use their extra time to hack your webserver?
> So I think you can't avoid making your programs that are publicly accessible
> secure...
The exploit they have devised requires shell access to a Linux-based
host so _our_ server is OK ;-)
Seriously, as soon as anyone raises a security issue we fix it (like the
force_suffix option added to 2.0.11). In other forums, "real"
security-concerned organisations have contacted us a couple of days prior to making
a public statement so that we could give them details of a fix. BUGTRAQ
doesn't work that way and I sometimes feel the list members often go out
of their way to show personal "hacking ability" rather than to help solve
a problem.
Anyway, a fix is in the works.
Bambi
...
This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 09:03:51 EST