Re: Oaf default build...

> If a valid request to a valid object has come in previously, then it is
> allowed.

Mhm, so this is pretty bad.

Because it just means that we are protected at startup (if the object
name is effectively randomized), but once the object is used once by
anyone, then we are subject to attacks.

In reality, this means that any real user (say, panel applets) will
be vulnerable.

