I would be in favor of making the Examples "opt-in" like the Zope tutorial. It seems silly to have it in evey ZODB by default. Make people add it if they want it.
-Casey On Monday 23 June 2003 05:12 am, Jamie Heilman wrote: > seb bacon wrote: > > No. Just go ahead and make the changes. It would be instructive for > > others reading the examples to add a comment or two explaining the > > rationale behind the extra checking code. > > 'k I can do that > > > The file upload vulnerability was fixed in version 1.3 of Examples.zexp, > > though. The reason it's still turning up in 2.6.x versions is probably > > due to upgrades. Therefore I suppose additionally there should be a > > patch which examines the ZODB on startup and prints a warning if an old > > Examples folder is present. > > You know, ironically, I don't think this "advisory" even covers that hole. > There's obvious DoS potential in the guest book and such, but thats > easily limited without degrading the value of the example. Anyway, > I'll scrape over the examples and see what I can clean up. > > -- > Jamie Heilman http://audible.transient.net/~jamie/ > "Most people wouldn't know music if it came up and bit them on the ass." > -Frank Zappa > > _______________________________________________ > Zope-Dev maillist - [EMAIL PROTECTED] > http://mail.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope ) > _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )