Stephan Richter wrote:
On Thursday 01 December 2005 09:28, Chris Withers wrote:

Do we want Zope to always respond to this header?
Yes, it's helpful for testing, but surely it risks information
disclosure vulnerabilities or worse if used on a production application?

The user would receive no useful information, since he would only get a SystemError page that contains null information.

Sorry, I'm obviously misunderstand how this header works..

What does setting this header actually do?

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to