Re: hardening window against NewsBruiser

From: James Henstridge <james jamesh id au>
To: Owen Taylor <otaylor redhat com>
Cc: gnome-sysadmin gnome org, gnome-infrastructure gnome org, Jeff Waugh <jdub perkypants org>
Subject: Re: hardening window against NewsBruiser
Date: Fri, 09 Dec 2005 10:31:09 +0800

Owen Taylor wrote:

>I assume what you mean here is have NB put out URLs pointing to
>attachments that can be served statically. You might actually be
>able to do it with mod_rewrite ... the cases I hand-did were:
>
>/attachment/alexl/2005/12/07/0/search0.png 
>/var/www/blogs.gnome.org/NewsBruiserData/alexl/attachments/2005/12/07-0/search0.png
>
>So, A) if it's always like that and B) if there are no access controls
>going on inside NB, then it should be manageable with mod_rewrite.
>  
>
I think that will expose images attached to draft entries, but only if
someone guesses the name.  I haven't seen any access control options
while looking through NB, so that's the only issue I can think of.

James.

References:
- hardening window against NewsBruiser
  - From: Kurt von Finck
- Re: hardening window against NewsBruiser
  - From: Owen Taylor
- Re: hardening window against NewsBruiser
  - From: Jeff Waugh
- Re: hardening window against NewsBruiser
  - From: Owen Taylor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]