[Zope-dev] Virtual Host Monster Paranoia

Chris Withers chrisw@nipltd.com
Tue, 13 Feb 2001 12:52:44 +0000


Toby Dickenson wrote:
> 
> http://zopehost.foo.com/VirtualHost/http/www.simpledomain/blah/VirtualHost/bad.stuff/blah
> 
> Understanding its behaviour might be beyond the complexity
> threshold for a paranoid admin to be comfortable.

Well, it's easy enough to find out if a site is running Zope, then this becomes
a pretty easy attack to think of....
(like objectIds, objectItems and objectValues used to be, they're great fun for
poking your nose into other people's Zope sites and finding stuff you shouldn't
;-)

cheers,

Chris (the paranoid one ;-)