I would be in favor of making the Examples "opt-in" like the Zope tutorial. It
seems silly to have it in evey ZODB by default. Make people add it if they
On Monday 23 June 2003 05:12 am, Jamie Heilman wrote:
> seb bacon wrote:
> > No. Just go ahead and make the changes. It would be instructive for
> > others reading the examples to add a comment or two explaining the
> > rationale behind the extra checking code.
> 'k I can do that
> > The file upload vulnerability was fixed in version 1.3 of Examples.zexp,
> > though. The reason it's still turning up in 2.6.x versions is probably
> > due to upgrades. Therefore I suppose additionally there should be a
> > patch which examines the ZODB on startup and prints a warning if an old
> > Examples folder is present.
> You know, ironically, I don't think this "advisory" even covers that hole.
> There's obvious DoS potential in the guest book and such, but thats
> easily limited without degrading the value of the example. Anyway,
> I'll scrape over the examples and see what I can clean up.
> Jamie Heilman http://audible.transient.net/~jamie/
> "Most people wouldn't know music if it came up and bit them on the ass."
> -Frank Zappa
> Zope-Dev maillist - [EMAIL PROTECTED]
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope )
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -