httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@hyperreal.org>
Subject Lotus Domino server vulnerable
Date Thu, 22 Jan 1998 07:13:03 GMT
http://www.wired.com/news/news/business/story/9774.html

The short of it: having config files under your document root is bad.
Making them editable through the site is even worse!

I like this:

> The hole can be exploited in curious ways. At one
> vulnerable site, NBC Sports, a cracker could view the
> list of names for all customers who registered for
> the site's sweepstakes. 

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Optimism is a strategy for making                         brian@apache.org
a better future." - Noam Chomsky                        brian@hyperreal.org

Mime
View raw message