I don't believe so.  To exploit this, one would have to be able to
change a environment variable, change something which uses a URI (like
a view), or convince a user to run a hostile castle-based exe on their
system.  In all three cases, the system is already compromised.

-- 
Truth,
    James

On Mon, Mar 2, 2009 at 1:15 AM, hammett <[email protected]> wrote:
>
> Isnt there security implications on this one?
>
> On Sun, Mar 1, 2009 at 2:57 AM,  <[email protected]> wrote:
>>  - Applied Eric Hauser's patch fixing CORE-ISSUE-22
>>   "Support for environment variables in resource URI"

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Castle Project Development List" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/castle-project-devel?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to