sret1 at mathstat
Nov 26, 1998, 6:08 PM
Post #1 of 1
(4983 views)
Permalink
|
|
SECURITY WARNING: analog form interface in versions 3.0 & 2.91.
|
|
--------------------------------------------------------------------
This is the analog-announce mailing list. To unsubscribe from this
mailing list, send mail to analog-announce-request [at] lists
with "unsubscribe analog-announce" in the main BODY OF THE MESSAGE.
--------------------------------------------------------------------
SECURITY WARNING: Do not use the form interface with versions 2.91 or 3.0 of
analog. There is a security hole which could theoretically allow anyone using
the form to ask your server for any file on the system.
A well-configured server would not be able to read any really sensitive files,
but you probably still don't want outside people reading all the files that
the server can read, even if they're available to inside users.
My apologies for any inconvenience caused.
On a better note, you might like to note that I have just released version 3.11
of the program. Versions 3.1 and 3.11 do not have the bug referred to above.
Also, I forgot to wish all my American readers a Happy Thanksgiving in my
previous mail. In Canada, we celebrated Thanksgiving six weeks ago, so it
slipped my mind. Enjoy those turkeys!
--
Stephen Turner sret1 [at] cam http://www.statslab.cam.ac.uk/~sret1/
Normally: Statistical Laboratory, 16 Mill Lane, Cambridge CB2 1SB, England
Until 12/98: Dept of Math & Stats, 585 King Edward Ave, Ottawa K1N 6N5, Canada
Microsoft: Where am I allowed to go today?
|
