----- Original Message -----
From: "Gregory Steuck" <[EMAIL PROTECTED]>
To: "jelmer" <[EMAIL PROTECTED]>
Cc: "morning_wood" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, October 20, 2003 7:27 AM
Subject: Re: [Full-Disclosure] Caucho Resin 2.x - Cross Site Scripting

> >>>>> "jelmer" == jelmer <[EMAIL PROTECTED]> writes:
>
> jelmer> Donny, These are in the example applications, which any sane
> jelmer> admin should disable right away, much like caucho-status
> jelmer> These are basic procedures in setting up a server.
>
> Yes, but is it not extremely lame of the vendor to ship samples with
> XSS vulnerabilities?

The point of examples is usually to be as clear as possible so it's easy to understand. Adding filtering would just make the examples harder to read; it's not production code after all. I think it's perfectly OK if Caucho refuses to "fix" this.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
