Complete.Org: Mailing Lists: Archives: freeciv-dev: May 2002:
[Freeciv-Dev] Re: [Metaserver] scripting security hole (PR#1424)

[Freeciv-Dev] Re: [Metaserver] scripting security hole (PR#1424)

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]

To:	freeciv-dev@xxxxxxxxxxx
Cc:	bugs@xxxxxxxxxxxxxxxxxxx
Subject:	[Freeciv-Dev] Re: [Metaserver] scripting security hole (PR#1424)
From:	Reinier Post <rp@xxxxxxxxxx>
Date:	Tue, 14 May 2002 13:02:08 -0700 (PDT)

On Wed, May 01, 2002 at 03:13:05PM -0700, Paul Zastoupil wrote:
> Well considering the metaserver has been waiting to be rewritten for about
> 3 years now.... any volunteers?
> 
> On Wed, May 01, 2002 at 05:53:24PM -0400, Daniel L Speyer wrote:
> > On Wed, 1 May 2002, Paul Zastoupil wrote:
> > 
> > > This is causing the browser to make a request for the file, so you will
> > > only be able to force it to grab files it can already grab.
> > > 
> > > The metaserver shouldn't allow tags, but this isn't a security problem.

We agree that fixing it isn't up to civserver, but to the metaserver,
so I don't think it's release critical.

What civserver should learn is how to send the metaserver info with
HTTP POST, as discussed elsewhere.

-- 
Reinier

[Prev in Thread]

Current Thread

[Next in Thread]

[Freeciv-Dev] Re: [Metaserver] scripting security hole (PR#1424), Stefan Schnetter, 2002/05/01
- [Freeciv-Dev] Re: [Metaserver] scripting security hole (PR#1424), Reinier Post, 2002/05/02
- [Freeciv-Dev] Re: [Metaserver] scripting security hole (PR#1424), Reinier Post <=

Prev by Date: [Freeciv-Dev] Re: dynamic timeout (PR#1356)
Next by Date: [Freeciv-Dev] Possible abuse with allowconnect/multiple controlling connections (PR#1426)
Previous by thread: [Freeciv-Dev] Re: [Metaserver] scripting security hole (PR#1424)
Next by thread: [Freeciv-Dev] worker allocation bug
Index(es):
- Date
- Thread