On May 19, 2009, at 9:23 PM, Steve McMahon wrote:
The paper mentions Plone, but all they found is that Plone rejects the
bad input but Since this error generates
~100 lines in the log file, it may be used to obfuscate other
attacks. I found no serious vulnerability claim.
How odd. Just did the test myself and it generates a 70 line
traceback in the event log. I fail to see how this could possibly
obfuscate other attacks... unless you were completely clueless about
tracebacks. Steve is too kind. This claim is just ridiculous.
Ric
___
Framework-Team mailing list
Framework-Team@lists.plone.org
http://lists.plone.org/mailman/listinfo/framework-team