According to Douglas Kline:
> Pursuant to your suggestion, we have installed v. 3.1.5.  The only reference to
> an improvement in security of this version over v. 3.1.1 in the Release Notes
> to which you give Web page reference is:
> 
> Fixed a nasty security hole in htsearch, which would allow users to view any 
> file on your site that had read permission.
> 
> I would like to ask whether this security hole applies to all installations of
> ht-Dig v. 3.1.1 and, if not, how one can determine if it applies to a
> particular installation.  It isn't clear to me how a user could use htsearch to
> view files which aren't Web pages which are indexed by the search engine's
> database.  This is of concern because there are other installations of ht-Dig
> v.3.1.1 at this institution and we need to evaluate their security.

This is explained in more detail in the FAQ, and the advisory which the
FAQ points to.  See http://www.htdig.org/FAQ.html#q2.1

-- 
Gilles R. Detillieux              E-mail: <[EMAIL PROTECTED]>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba  Phone:  (204)789-3766
Winnipeg, MB  R3E 3J7  (Canada)   Fax:    (204)789-3930
