1.2.5(6) stops the functioning of the notes files.
path is notes/xxx.txt and the slash is not allowed.
if line 7431: elsif ($fil !~ /^[\w-\.]+\.txt$/i){
becomes elsif ($fil !~ /^[\w][\w-\.\/]+\.txt$/i){
then the path (if present) has to be below the base and the notes are
functioning
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net schreibt:
1.2.5(6) stops the functioning of the notes files.
Thanks, try (7)
-
Using Tomcat but need to do more? Need to support
On 18 Aug 2006 at 10:51, Fritz Borgstedt wrote:
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net schreibt:
1.2.5(6) stops the functioning of the notes files.
Thanks, try (7)
Great. Works fine.
Javier Albinarrate wrote:
What do you think?
$.02: I think this is increasingly becoming the wrong approach. The
interface allows for files to be placed in any [sub]directory of the
admins choosing. For instance, take a look at my [preferred] directory
structure off the ASSP base:
On 18 Aug 2006 at 12:41, Javier Albinarrate wrote:
This opens the possibility of making things like
images/../../../../blah.txt
Yes
If other directories should be allowed, then these should be
speciffically allowed I think.
Like:
elsif ($fil !~
[EMAIL PROTECTED] wrote:
Do we need to be that restrictive?
No, and we shouldn't be due to the customizable configuration of ASSP.
Also, I've just discovered that we need .db files in there. Currently you
can't look at your
pb/.db files through the interface.
Good point. I
Although, if possible, I think it would be
safer to restrict access to specific file types. We just need an
accurate list.
Please stop this shit.
-
Using Tomcat but need to do more? Need to support web services,
Fritz Borgstedt wrote:
Please stop this shit.
Stop what shit Fritz? *You cant current open the PB DB's via the web
interface*. We are discussion a resolution. Or are we no longer
allowed to do that?
-
Using Tomcat
Frankly I think it would be fine to just limit ASSP to it's own
directory and sub-folders.
That will be restored.
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net schreibt:
Stop what shit Fritz? *You cant current open the PB DB's via the web
interface*. We are discussion a resolution. Or are we no longer
allowed to do that?
You are not discussing a resolution,
Fritz Borgstedt wrote:
You are not discussing a resolution, you are making proposals for
restrictions.
I didn't realize that expressing my opinion about an issue was making a
proposal. Thanks for clarifying that for me.
That will be restored.
I think most of it is now corrected in (10).
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Questions and Answers for users of ASSP Anti-Spam SMTP Proxy
assp-user@lists.sourceforge.net schreibt:
I think most of it is now corrected in (10).
It is now corrected in (11).
-
Using Tomcat but need to do more? Need to
It is now corrected in (11).
The following rules apply now:
- '..' unallowed everywhere
- Edit of files in ASSP directory OR upper directories allowed only
for
'.txt' and '.db' files. This to block accessing to other info at the
assp
directory, like assp.pl or even the config etc
- Get of
Fritz Borgstedt wrote:
The following rules apply now:
- '..' unallowed everywhere
- Edit of files in ASSP directory OR upper directories allowed only
for
'.txt' and '.db' files. This to block accessing to other info at the
assp
directory, like assp.pl or even the config etc
- Get of
On 8/18/06, Fritz Borgstedt [EMAIL PROTECTED] wrote:
It is now corrected in (11).
The following rules apply now:
- '..' unallowed everywhere
- Edit of files in ASSP directory OR upper directories allowed only
for
'.txt' and '.db' files. This to block accessing to other info at the
assp
16 matches
Mail list logo