According to the release note for htdig-3.2.0b2. It added more functionality
and fixed all known bugs after 3.1.5
But apparently it still has the relevance ($(PERCENT)) bug and not stable
enough.
I am asking for any suggestions about which version (3.1.5 or 3.2.0b2)
should be used for our company web site.
Any experience about the advantage and disadvantage of both the versions?
Any suggestions will be greatly appreciated.
-Edward
-----Original Message-----
From: Gilles Detillieux [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 12, 2001 2:45 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [htdig] security hole (was: how to set the $(PERCENT)? -it
always show 1%)
According to Edward Lu:
> Geoff,
> What is the security hole in version 3.1.5?
> It sounds scary.
The security hole is in version BEFORE 3.1.5, and is fixed in 3.1.5. It
allowed a user to snoop through any file on your web server's file system,
as long as it was readable by the user ID under which the web server process
runs, just by passing it a special query string in the htsearch URL.
--
Gilles R. Detillieux E-mail: <[EMAIL PROTECTED]>
Spinal Cord Research Centre WWW:
http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba Phone: (204)789-3766
Winnipeg, MB R3E 3J7 (Canada) Fax: (204)789-3930
------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED]
You will receive a message to confirm this.
List archives: <http://www.htdig.org/mail/menu.html>
FAQ: <http://www.htdig.org/FAQ.html>
