[Dshield] Uploads to Apache

David Cary Hart DavidHart at TQMcube.com
Fri Jan 7 14:17:27 GMT 2005


On Thu, 2005-01-06 at 16:18 -0800, Jim Race wrote:
> It all depends on how you implemented it, and what limits you placed on it.
> 
> Since you didn't tell us any of that, I'll assume you don't know how it 
> occured and say "Yes, it compromises security."

I agree. Sometimes (some people would suggest "often") I do not know
what I do not know. Johannes thoughtfully responded off list and pointed
out the potential for someone to upload and then activate a php exploit
if the upload is accessible. While the upload area is obscure it was not
immune. It's now gone until I rethink and rewrite the PHP.

________________________________________________________________________
Total Quality Management - A Commitment to Excellence
http://www.TQMcube.com




More information about the list mailing list