[Zope-dev] Vulnerability in Zope

seb bacon seb@jamkit.com
Mon, 24 Sep 2001 11:00:38 +0100


* Andy McKay <andym@ActiveState.com> [010924 01:11]:
> Haven't we been complaining about this automatic appending of tracebacks for
> a while? To me this is what log files are for.... but I'm not sure what this
> guy is on. I wouldn't count this as a "security vulnerability".

It's not an exploitable vulnerability (which is the only sort of
vulnerability in my book ;) but it's as ugly as a warthog, and it would
be nice to arrange things more gracefully.

seb

> 
> ----- Original Message -----
> From: "Chris Withers" <chrisw@nipltd.com>
> To: "Paul Everitt" <paul@zope.com>; "ALife" <buginfo@inbox.ru>
> Cc: <Zope-Dev@zope.org>
> Sent: Sunday, September 23, 2001 10:44 AM
> Subject: Re: [Zope-dev] Vulnerability in Zope
> 
> 
> > > Do others consider this a vulnerability?
> >
> > Yup... especially given the hard-coded (sigh) error page returned for
> > authentication error gives out this information :-(
> >
> > Chris
> >