Gossamer Forum
Home : Products : DBMan SQL : Discussion :

Security bug

Quote Reply
Security bug
If you pass an incorrect parameter to db.cgi, you get an output of all your environment to your browser. I realize this has been fixed in regular dbman... has this been fixed in the sql version?

Also, what can I do in order that, if someone calls db.cgi via the browser, he is automatically logged-off and sent to my default homepage?

Thanks.