[contribteam] [Bug 11439] smeserver-phpki-ng allow remote access for crl

bugzilla-daemon--- via contribteam Fri, 18 Nov 2022 10:49:25 -0800

https://bugs.koozali.org/show_bug.cgi?id=11439


Jean-Philippe Pialasse <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #2 from Jean-Philippe Pialasse <[email protected]> ---
this could be done using a httpd RewriteRule or something similar on Primary
domain /virtualhost or all domains.
the issue there is to strip anything we do not want in the URL and also check
that the called script will not accept any POST or PUT and will only servce the
revocation list and any other input will be stripped or ignored

we might need to write a specifi php or perl file for this purpose if the httpd
approach is not safe enough

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.

_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/

[contribteam] [Bug 11439] smeserver-phpki-ng allow remote access for crl

Reply via email to