seb bacon wrote:
> 
> 
> Shane Hathaway wrote:
> 
>> seb bacon wrote:
>>
>>> Production sites running a stock Zope are vulnerable to abuse of 
>>> their server if they have not removed the 'Examples' folder.  For 
>>> example, anyone could use 
>>> http://notcarefulenough.com/Examples/FileLibrary as a warez repository.
>>
>>
>>
>> Are you sure?  I get an "Unauthorized" error (but not until I actually 
>> try to upload).
>>
>> Shane
> 
> 
> I'm sure, I've tried it on a few sites.

Hmm, it would appear that the "Add Documents, Images, and Files" 
permission is enabled for anonymous.  It shouldn't be, obviously.

Shane



_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )
