Mike: Given that you are running on Windows, I'm assuming IIS. If that's the case, then you should be able to quickly "plug" this security hole with the use of this free tool:
http://www.microsoft.com/technet/security/tools/tools/URLscan.asp Limit both the cookie header and the URL lengths to something less than 2864 bytes. (I doubt this will break any of your apps, but don't take my word for it.) This will give you the time you need in order to upgrade from T2K to Witango 5 in a well-planned and well-tested manner. Todd On Sun, 3 Aug 2003, mike bravu wrote: > BTW: I own Tango 2000/SP1 for Windows... > > The issue of knowing you have a vulnerability in the code to a product that > you now own but do not offer a technical solution for a crucial feature is > very troublesome. Forcing users to upgrade seems to me like blackmail. What > choice do we have to keep our applications running? > ________________________________________________________________________ TO UNSUBSCRIBE: Go to http://www.witango.com/maillist.taf
