Re: cocoon-view as possible security problem?

2003-03-21 Thread Sylvain Wallez
Stefano Mazzocchi wrote: Tony Collen wrote: Browsing the livesites, on a whim I tried this URL: http://dir.salon.com/?cocoon-view=content and it worked! Obviously someone deploying Cocoon should be aware that this view is on by default, and may reveal data in your page you might not want. I

Re: cocoon-view as possible security problem?

2003-03-21 Thread Torsten Curdt
By the way, I think there are bigger security problems in cocoon... Don't be shy and speak out loud :) What do you have in mind exactly? -- Torsten

Re: cocoon-view as possible security problem?

2003-03-21 Thread Geoff Howard
At 07:39 AM 3/21/2003, you wrote: By the way, I think there are bigger security problems in cocoon... Don't be shy and speak out loud :) What do you have in mind exactly? -- Torsten Sorry - wasn't being shy, just trying to be quick and didn't have time to get fully into that right now (nor

Re: cocoon-view as possible security problem?

2003-03-21 Thread Steven Noels
On 21/03/2003 13:57 Geoff Howard wrote: OK, gotta get back to work - I'm in the middle of a launch. Be careful, rockets are nasty things these days. /Steven -- Steven Noels http://outerthought.org/ Outerthought - Open Source, Java XML Competence Support Center Read my

Re: cocoon-view as possible security problem?

2003-03-21 Thread Steven Noels
On 21/03/2003 13:57 Geoff Howard wrote: Also, is cocoon-reload still enabled by default? seems a wget in a loop with ?cocoon-reload=true could put a site in a world of hurt... (by the way, last time I checked Jetty/Cocoon cvs is barfing on that..) ... and from the difference in speed between

Re: cocoon-view as possible security problem?

2003-03-21 Thread Pier Fumagalli
Steven Noels wrote: On 21/03/2003 13:57 Geoff Howard wrote: Also, is cocoon-reload still enabled by default? seems a wget in a loop with ?cocoon-reload=true could put a site in a world of hurt... (by the way, last time I checked Jetty/Cocoon cvs is barfing on that..)

Re: cocoon-view as possible security problem?

2003-03-21 Thread Stefano Mazzocchi
Geoff Howard wrote: By the way, I think there are bigger security problems in cocoon... Like what? (not being arrogant or defensive, just curious... damn email communication sometimes conveys the wrong tone) Stefano.

Re: cocoon-view as possible security problem?

2003-03-21 Thread Vadim Gritsenko
Steven Noels wrote: On 21/03/2003 13:57 Geoff Howard wrote: Also, is cocoon-reload still enabled by default? seems a wget in a loop with ?cocoon-reload=true could put a site in a world of hurt... (by the way, last time I checked Jetty/Cocoon cvs is barfing on that..) ... and from the

Re: cocoon-view as possible security problem?

2003-03-21 Thread Vadim Gritsenko
Geoff Howard wrote: By the way, I think there are bigger security problems in cocoon... <snip/> Also, is cocoon-reload still enabled by default? seems a wget in a loop with ?cocoon-reload=true could put a site in a world of hurt... (by the way, last time I checked Jetty/Cocoon cvs is barfing

Re: cocoon-view as possible security problem?

2003-03-21 Thread Geoff Howard
At 08:33 AM 3/21/2003, you wrote: Geoff Howard wrote: By the way, I think there are bigger security problems in cocoon... <snip/> Also, is cocoon-reload still enabled by default? seems a wget in a loop with ?cocoon-reload=true could put a site in a world of hurt... (by the way, last time I

Re: cocoon-view as possible security problem?

2003-03-21 Thread Geoff Howard
At 08:24 AM 3/21/2003, you wrote: Geoff Howard wrote: By the way, I think there are bigger security problems in cocoon... Like what? (not being arrogant or defensive, just curious... damn email communication sometimes conveys the wrong tone) Stefano. You've probably seen my other email by now,

Re: cocoon-view as possible security problem?

2003-03-21 Thread Tony Collen
On Fri, 21 Mar 2003, Geoff Howard wrote: Is it? With in-memory upload you can get to OutOfMemory exceptions and potentially corrupt cocoon instance. With file uploads, you can create 100Mb file systems which you can fill up but you won't disturb functionality of the server. I don't see how

Re: cocoon-view as possible security problem?

2003-03-21 Thread Vadim Gritsenko
Tony Collen wrote: On Fri, 21 Mar 2003, Geoff Howard wrote: Is it? With in-memory upload you can get to OutOfMemory exceptions and potentially corrupt cocoon instance. With file uploads, you can create 100Mb file systems which you can fill up but you won't disturb functionality of the server.

Re: cocoon-view as possible security problem?

2003-03-21 Thread Geoff Howard
At 01:52 PM 3/21/2003, you wrote: On Fri, 21 Mar 2003, Geoff Howard wrote: Is it? With in-memory upload you can get to OutOfMemory exceptions and potentially corrupt cocoon instance. With file uploads, you can create 100Mb file systems which you can fill up but you won't disturb functionality

Re: cocoon-view as possible security problem?

2003-03-21 Thread Geoff Howard
At 03:19 AM 3/21/2003, you wrote: Stefano Mazzocchi wrote: Tony Collen wrote: Browsing the livesites, on a whim I tried this URL: http://dir.salon.com/?cocoon-view=content and it worked! Obviously someone deploying Cocoon should be aware that this view is on by default, and may reveal data in

Re: cocoon-view as possible security problem?

2003-03-21 Thread Tony Collen
On Fri, 21 Mar 2003, Geoff Howard wrote: <multiple-snippage/> So, at the end, I would do: 1) turn off views from the default sitemap. NOTE: this will turn off the ability to make static snapshots of your webapp from the cocoon CLI! Well, this is obviously not good for us... so... 2) write

cocoon-view as possible security problem?

2003-03-20 Thread Tony Collen
Browsing the livesites, on a whim I tried this URL: http://dir.salon.com/?cocoon-view=content and it worked! Obviously someone deploying Cocoon should be aware that this view is on by default, and may reveal data in your page you might not want. I have yet to see bad data get exposed, but

Re: cocoon-view as possible security problem?

2003-03-20 Thread Stefano Mazzocchi
Tony Collen wrote: Browsing the livesites, on a whim I tried this URL: http://dir.salon.com/?cocoon-view=content and it worked! Obviously someone deploying Cocoon should be aware that this view is on by default, and may reveal data in your page you might not want. I have yet to see bad data