Archive of UserLand's first discussion group, started October 5, 1998.

Security hole

Author: Oliver Breidenbach
Posted: 5/10/2000; 8:59:16 AM
Topic: Security hole
Msg #: 17154

From Scripting News:

Brent Simmons reports that the security hole posted yesterday on Zope.Org has been closed at all levels in Frontier, including Manila, mainResponder, and the Control Panel. We now check the referer on every POST request, and if it is incorrect, we reject the request. This could cause compatibility problems for people who use browsers that don't send a referer attribute. We are also curious to know if there's any way to set the referer from JavaScript (remembering Murphy).

Forgive my ignorance, but just to make sure: The referer is the field that has the address of the page that contained the link? I seem to remember that I once looked into the log files of my webservers and some of the entries did not have the correct referrer information. I guess this means that there are proxy servers or browsers out there that will not work anymore with Manila. Did you get any hints about that during the work?

Cheers,

Oliver.
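
The check described in the quoted Scripting News item, sketched as an added example (not part of the original post and not UserLand's code; how Frontier implements it is not shown on this page). The function names, the `allow_missing` switch and the `example.com` hosts are assumptions; the sample requests are constructed. It compares the parsed origin of the Referer with the request's own Host rather than a string prefix, and makes the missing-referer case an explicit policy choice.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(url):
    """Reduce a URL to (scheme, host, port); raises ValueError on a bad port."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme)

def check_post_referer(method, headers, scheme="https", allow_missing=False):
    """Return (allowed, reason) for one request.

    headers: dict keyed by lower-case header name (assumed shape).
    allow_missing: hypothetical switch for clients or proxies that strip
    the Referer header; False rejects them, as the quoted item warns.
    """
    if method.upper() != "POST":
        return True, "not a POST"
    referer = headers.get("referer", "").strip()
    if not referer:
        return allow_missing, "referer missing"
    try:
        ref = _origin(referer)
        own = _origin(f"{scheme}://{headers.get('host', '')}")
    except ValueError:
        return False, "malformed referer or host"
    if ref != own:
        return False, "referer from another site"
    return True, "referer matches host"

# Constructed sample requests: (method, headers)
SAMPLES = [
    ("POST", {"host": "example.com", "referer": "https://example.com/edit"}),
    ("POST", {"host": "example.com", "referer": "https://EXAMPLE.com:443/edit"}),
    # Look-alike hosts that a prefix comparison would accept
    ("POST", {"host": "example.com", "referer": "https://example.com.other.test/f"}),
    ("POST", {"host": "example.com", "referer": "https://example.com@other.test/f"}),
    ("POST", {"host": "example.com"}),   # browser or proxy sent no referer
    ("GET",  {"host": "example.com"}),   # only POSTs are checked
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        print(method, headers.get("referer"), check_post_referer(method, headers))
```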


This page was archived on 6/13/2001; 4:55:08 PM.

© Copyright 1998-2001 UserLand Software, Inc.