David wrote:
> I have a user messing with a site using HTTP PUT to upload files. The
> user has access privileges to use a simple CMS (although for the time
> being now, they're revoked). Will switching off the permission for
> "WebDAV access" prevent any successful PUT or do we need to take further
> actions?

Yes.

> We also allow FTP access to certain directories. Can this be abused to
> upload files elsewhere?

If you can reproduce it, this is a bug, either in your app or in Zope.
If the latter, it would be pretty serious...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk