At Fri, 28 Dec 2001 00:14:21 -0500,
Chris McDonough wrote:
> > At the time, I hadn't received any feedback (however, I'm not blaming
> > anyone). I also never posted this to the collector before. Should one
> > of us post this?
> It would be appreciated, Joseph.
ok ... I can post this afternoon.
> > Just to be safe ... You shouldn't use this entire patch unless your
> > server is behind apache or a proxy server and best if protected by a
> > firewall. It could open a potential security leak if you use the
> > "domains" field for authentication and the zope server is not
> > protected by apache.
> Is the issue that the X-Forwarded-For header controls the domain setting?
yes ... everyone should probably not use this patch
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -