On Tue, 1 Jul 2003, Tzafrir Cohen wrote:

> On Tue, Jul 01, 2003 at 09:49:11AM +0300, Muli Ben-Yehuda wrote:
> > ----- Forwarded message from Aviram Jenik <[EMAIL PROTECTED]> -----
> >
> > Date: Tue, 1 Jul 2003 07:35:38 +0300
> > From: Aviram Jenik <[EMAIL PROTECTED]>
> > Organization: Beyond Security Ltd.
> > User-Agent: KMail/1.5.2
> > To: Muli Ben-Yehuda <[EMAIL PROTECTED]>
> > Subject: Cross Site Scripting Attack on IGLU
> >
> > Hi,
> >
> > The first thing to do is delete this post
> > (http://www.iglu.org.il:8080/Control_Panel/Products/Squishdot/IGLU/1055621120/index_html).
> > However, keep in mind that you need to access this page with cookies
> > disabled, or else they will get your administrative cookie!
> >
>
> The version of Zope on IGLU is quite old. 2.1-something, IIRC. The
> version of Squishdot is probably almost as old.
>

Or older...

> Upgrade? Replace with something else (that people here know how to
> maintain)? This question has arisen several times in the past.
>

We cannot upgrade because Squishdot needs some long manual tampering with to be upgraded:

http://www.squishdot.org/Documentation/upgrades.html

Besides, we're tired of the fact that Zope stores everything in a monolithic file with a non-standard file format and that none of us knows how to manage a Zope system correctly (and there isn't anyone who does who is willing to help us).

That all, we are going to switch to something else. Ira suggested php-BB in the past, so we might give this a try.

Regards,

Shlomi Fish

----------------------------------------------------------------------
Shlomi Fish [EMAIL PROTECTED]
Home Page: http://t2.technion.ac.il/~shlomif/

There's no point in keeping an idea to yourself since there's a 10 to 1
chance that somebody already has it and will share it before you.
