I don't believe so. To exploit this, one would have to be able to
change a environment variable, change something which uses a URI (like
a view), or convince a user to run a hostile castle-based exe on their
system. In all three cases, the system is already compromised.
--
Truth,
James
On Mon, Mar 2, 2009 at 1:15 AM, hammett <[email protected]> wrote:
>
> Isnt there security implications on this one?
>
> On Sun, Mar 1, 2009 at 2:57 AM, <[email protected]> wrote:
>> - Applied Eric Hauser's patch fixing CORE-ISSUE-22
>> "Support for environment variables in resource URI"
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Castle Project Development List" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/castle-project-devel?hl=en
-~----------~----~----~----~------~----~------~--~---