At Fri, 28 Dec 2001 00:14:21 -0500,
Chris McDonough wrote:
> 
> > At the time, I hadn't received any feedback (however, I'm not blaming
> > anyone). I also never posted this to the collector before.  Should one
> > of us post this?
> 
> It would be appreciated, Joseph.

ok ... I can post this afternoon.

> 
> > Just to be safe ... You shouldn't use this entire patch unless your
> > server is behind apache or a proxy server and best if protected by a
> > firewall. It could open a potential security leak if you use the
> > "domains" field for authentication and the zope server is not
> > protected by apache.
> 
> Is the issue that the X-Forwarded-For header controls the domain setting?
> 

yes ... everyone should probably not use this patch
right-out-of-the-box.

- j

_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to