Re: hardening window against NewsBruiser



Owen Taylor wrote:

>I assume what you mean here is have NB put out URLs pointing to
>attachments that can be served statically. You might actually be
>able to do it with mod_rewrite ... the cases I hand-did were:
>
>/attachment/alexl/2005/12/07/0/search0.png 
>/var/www/blogs.gnome.org/NewsBruiserData/alexl/attachments/2005/12/07-0/search0.png
>
>So, A) if it's always like that and B) if there are no access controls
>going on inside NB, then it should be manageable with mod_rewrite.
>  
>
I think that will expose images attached to draft entries, but only if
someone guesses the name.  I haven't seen any access control options
while looking through NB, so that's the only issue I can think of.

James.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]