Dear mr Polak,
Sorry for disturbing You. I must write You, because I think that there is
a safety problem in your program. I think that you didn't hear
about it yet. I found your program on the Internet. I needed a program that
can run on 286 with 1 Mb RAM. I found Arachne, I use it since then for www.
I use my own program for mail. I don't like very much the part of Arachne that
exchanges mail, but my computer is too slow and it coud be the reason why.
Anyway, Arachne is quiet good, and I'm satisfied with it.
Maybe I'll register for it one day...
I recently saw on the homepage the new 1.61 version available. I didn't
download it yet, all this written down depends on 1.50 version. I think,
this mistake is not corrected yet.
Unfortunately, in the HTML files that are downloaded from the Internet
by Arachne if there is a form, then here a Hacker can add any tags definied
in the official Arachne extensions to HTML. (For instance:
<INPUT TYPE=HIDDEN NAME=anything ARACHNECFGVALUE=something> )
In this way, he can find data that are stored in the file Arachne.cfg.
If you wisit my website solair.eunet.yu/~justin you can see an
example for this. (This doesn't download important information - only
username and similar, exept the password) All this happens, when the
user clics on the "submit" button. (By me: "GLAVNI DEO PREZENTACIJE"
that means: the next part of the presentation in my language )
My hompage sends an e-mail if you click to the submit button that
includes the username if he uses Arachne.
Please, write me if you know about this problem!
Yours faitfully,
Justin
