--On Monday, February 27, 2006 11:28 AM -0500 "David F. Skoll"
<[EMAIL PROTECTED]> wrote:

> vTiger is thousands of security holes packaged up as a slick-looking
> Web application. I would never place it on a publicly-accessible
> server.

I was shopping at one time for a wiki and saw the same thing in Twiki.
About a week after I loaded a copy for evaluation a big security hole was
found. (Shell metacharacter exploit.) I took mine down and haven't
revisited deploying my own wiki since then. It amazes me that people still
invoke a shell from CGI code (instead of directly exec'ing the desired
program). (Not that it's a complete solution, but it's the most common
source of exploits I see.)
_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
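
The contrast drawn in the reply above, between invoking a shell from CGI code and exec'ing the desired program directly, shown as an added example that is not part of the original message. The function names, the stand-in child program and the sample value are constructed for illustration, and a POSIX /bin/sh is assumed.

```python
import json
import re
import shlex
import subprocess
import sys

# Stand-in for "the desired program": prints the arguments it received as JSON.
CHILD = "import json, sys; print(json.dumps(sys.argv[1:]))"

# Constructed sample of a request value containing a shell metacharacter.
SAMPLE = "WebHome; echo INJECTED"


def run_via_shell(user_value):
    """Anti-pattern: build a command string and let /bin/sh parse it."""
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(CHILD)} {user_value}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def run_direct(user_value):
    """Exec the program directly: argv is a list, so no shell sees the value."""
    argv = [sys.executable, "-c", CHILD, user_value]
    out = subprocess.run(argv, capture_output=True, text=True)
    return out.stdout.splitlines()


def is_plain_name(user_value):
    """Hypothetical allowlist check. Direct exec is not a complete fix: the
    program still receives the raw value (for example one starting with '-'),
    so the value is validated before use as well."""
    return re.fullmatch(r"[A-Za-z0-9_]+", user_value) is not None


if __name__ == "__main__":
    # The shell splits at ';' and runs a second command chosen by the input.
    print("via shell:", run_via_shell(SAMPLE))
    # Direct exec passes the whole value through as one argument.
    print("direct   :", run_direct(SAMPLE))
    print("allowlist:", is_plain_name(SAMPLE), is_plain_name("WebHome"))
```
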