Re: hardening window against NewsBruiser



On Fri, 2005-12-09 at 09:37 +1100, Jeff Waugh wrote:
> <quote who="Owen Taylor">
> 
> > If someone wants to investigate further, what I'd suggest is:
> > 
> >  - Do it on a different machine, not on gnome.org (though if it is
> >    old-Apache bugginess, that could be a problem for reproduction.)
> > 
> >  - Write a simple Python cgi that a) logs when it is called b)
> >    returns a small amount of data with content type and content
> >    length.
> > 
> >  - Try to get its results cached via the memory cache.
> 
> Different tack: Patch NB to serve public attachments statically, avoiding
> the whole issue. At that point, you won't even need the memory cache (in
> most cases) because Apache will be doing the work for you.

I assume what you mean here is have NB put out URLs pointing to
attachments that can be served statically. You might actually be
able to do it with mod_rewrite ... the cases I hand-did were:

/attachment/alexl/2005/12/07/0/search0.png 
/var/www/blogs.gnome.org/NewsBruiserData/alexl/attachments/2005/12/07-0/search0.png

So, A) if it's always like that and B) if there are no access controls
going on inside NB, then it should be manageable with mod_rewrite.

Regards,
						Owen
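
Added example, not part of the original message and not NewsBruiser code: a strict version of the URL-to-file mapping from the one hand-checked pair above, with a helper to test condition A against further known pairs. The allowed character classes and the function names are assumptions; condition B (access controls inside NB) is not something this can check.

```python
import posixpath
import re

# Data root taken from the hand-mapped example in the message above.
DATA_ROOT = "/var/www/blogs.gnome.org/NewsBruiserData"

# /attachment/<user>/<yyyy>/<mm>/<dd>/<n>/<filename>
# The character classes are an assumption: kept narrow so that "..", "/",
# dotfiles and control characters can never reach the filesystem path.
ATTACHMENT_URL = re.compile(
    r"/attachment/"
    r"(?P<user>[A-Za-z0-9_-]+)/"
    r"(?P<year>[0-9]{4})/(?P<month>[0-9]{2})/(?P<day>[0-9]{2})/"
    r"(?P<index>[0-9]+)/"
    r"(?P<name>[A-Za-z0-9_][A-Za-z0-9._-]*)"
)


def attachment_path(url_path):
    """Return the static file path for an attachment URL, or None.

    None means: do not serve statically, leave the request to NewsBruiser.
    """
    m = ATTACHMENT_URL.fullmatch(url_path)
    if m is None:
        return None
    path = posixpath.join(
        DATA_ROOT, m["user"], "attachments",
        m["year"], m["month"], f'{m["day"]}-{m["index"]}', m["name"],
    )
    # Defence in depth: normalising must not change the path, and the
    # result must stay under the data root.
    if posixpath.normpath(path) != path or not path.startswith(DATA_ROOT + "/"):
        return None
    return path


def mismatches(known_pairs):
    """Return the (url, file) pairs the rule fails to reproduce (condition A)."""
    return [(u, f) for u, f in known_pairs if attachment_path(u) != f]


# The single pair given in the message; further hand-checked pairs go here.
KNOWN_PAIRS = [
    ("/attachment/alexl/2005/12/07/0/search0.png",
     DATA_ROOT + "/alexl/attachments/2005/12/07-0/search0.png"),
]
```

An empty list from `mismatches(KNOWN_PAIRS)` means the rule reproduces every known pair; any URL it rejects should fall through to NewsBruiser rather than be served from disk.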