This is akready being discussed in web2py-developers list On Wed, Jan 11, 2012 at 8:41 PM, G. Clifford Williams < [email protected]> wrote:
> I haven't seen anyone mention this so I thought I'd bring it up for > web2py in general and rocket specifically. > > http://www.ocert.org/advisories/ocert-2011-003.html > > The above URL speaks of an attack that's been well known for a number > of years and someone has recently gotten around to demonstrating how > much damage can be caused by exploiting it. > > Do we know whether Rocket is vulnerable to this? > > > --G. Clifford Williams > Your friendly absentee enthusiast.. > -- Bruno Rocha [http://rochacbruno.com.br]
