At 12:15 7/12/2004 +0000, Neil Fraser wrote:
>
>Be careful with WAIFs. They constitute a severe and virtually
>unfixable security risk when used on an existing DB. Legacy code
>is not accustomed to dealing with this value type.
>
>It took me half an hour to hack a wizbit on Moo Canada when WAIFs
>were installed there.


That was fixed (in the patch, not necessarily on particular servers) fairly quickly though -- at least if you're talking about the same hole that I reported. It wouldn't have been much of a problem except that some of the core security code wasn't all that well-written :)

--
Gavin Lambert, Mirality Systems
<http://www.mirality.co.nz/>
----
The computer is the ultimate polluter: its feces are indistinguishable from the food it produces.


When there's a will, I want to be in it.

