As I already suggested ages ;) ago (and still didn't put into
practice), it would here again be best to deny everything that isn't
explicitly allowed (e.g. allow whatever ends with _html or .html and
deny everything else) but then I would have to go over the whole
website and make bazillions of changes ...

I fixed the problem temporarily by adding some
"FilesMatch/LocationMatch + deny from all" in my httpd.conf. But what
else do I have to deny apart from objectIds?

>Andrew Kenneth Milton wrote:
>> | http://www.zope.org/standard_html_header for example ;-)
>> Not that old chestnut again...
>Yes, that old chestnut again. If it's considered a serious security flaw
>by Microsoft, maybe the Zope community should finally do something to
>...and yes, there are discussions about this on Zope-dev right now,
>which will hopefully produce a solution :-)
>Zope maillist - [EMAIL PROTECTED]
>** No cross posts or HTML encoding! **
>(Related lists -
> http://lists.zope.org/mailman/listinfo/zope-dev )
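
The two approaches from the message above, side by side, as an added example that is not part of the original post or the poster's httpd.conf. It assumes Apache sits in front of Zope and uses the same "deny from all" directive style the post mentions; the patterns are taken from the post's own wording (objectIds, _html, .html).

```apache
# Added example, not the poster's configuration. Directive style follows the
# post's "deny from all" (mod_access; on Apache 2.4 this needs
# mod_access_compat, or use "Require all denied" / "Require all granted").

# Alternative 1: denylist, as in the temporary fix. Every further name that
# should not be reachable needs another block like this one.
<LocationMatch "/objectIds$">
    Order allow,deny
    Deny from all
</LocationMatch>

# Alternative 2: allowlist, as suggested in the post. Sections are applied in
# file order, and a later matching section replaces the access settings of an
# earlier one, so the default deny comes first.
<Location />
    Order deny,allow
    Deny from all
</Location>

# Only URLs ending in _html or .html are served; /objectIds and
# /standard_html_header match nothing here and stay denied.
<LocationMatch "(_html|\.html)$">
    Order allow,deny
    Allow from all
</LocationMatch>

# Anything the site serves under other names (images, URLs ending in "/")
# needs its own allow pattern.
```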