cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoff Howard <>
Subject Re: cocoon-view as possible security problem?
Date Fri, 21 Mar 2003 18:53:24 GMT
At 08:24 AM 3/21/2003, you wrote:
>Geoff Howard wrote:
>>By the way, I think there are bigger security problems in cocoon...
>Like what? (not being arrogant or defensive, just curious... damn email 
>communication sometimes coveys the wrong tone)

You've probably seen my other email by now, but just wanted to clarify that 
I probably should not have phrased that so bluntly.  Still, I hope this 
turns into a good conversation.

Some of the issues that have been causing me to think about this have more 
to do with default configuration which makes that phrase way over 
blown.  I've been meaning to start a wiki/discussion about getting a list 
of suggested modifications to the default config for live 
sites.  cocoon-reload, file upload params, possibly views, etc. are what I 
think of off the cuff, but would love to hear what others with deeper 
knowledge of more of the code think.


View raw message