On Fri, 22 Oct 1999, Susan Alderman wrote:
>
> I'd vote for removing the CGI command - one of the things that analog
> has going for it is that it's simple to use, simple to set up. When
> you start getting into security issues like this, all of a sudden
> it's NOT simple to use/set up and peopl
- Original Message -
From: Stephen Turner <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 25, 1999 10:08 AM
Subject: Re: Re[2]: [analog-help] CGI Error on NT IIS 4
> I'm sure this could be made to work. However, I still think that the
> neates
At 07:24 PM 10/22/1999 +0100, you wrote:
>It seems to me, as I explained before, that this is a serious security
>risk. Of course, I can warn people about it, but they won't necessarily
>know, or be able to find out easily, whether their server is an at-risk one.
>Or even read the instructions.
>
On Fri, 22 Oct 1999, Stephen Turner wrote:
> On Thu, 21 Oct 1999, Aengus Lawlor wrote:
> >
> > The documentation says of CGI ON that "You can't choose any options that
> > way though". This isn't my experience. I just typed in the following URL
> >
> > http:///analog/analog.exe?c:\logs\jun.log
On Thu, 21 Oct 1999, Aengus Lawlor wrote:
>
> The documentation says of CGI ON that "You can't choose any options that
> way though". This isn't my experience. I just typed in the following URL
>
> http:///analog/analog.exe?c:\logs\jun.log+c:\logs\jul.log+%2bC"H
> OSTNAME+Test"+%2bO-+%2bC"CGI%2