Re: [PHPiCalendar-DEV] 0.9.5 security issue

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

i should have time to look into that bug this weekend.

if no directory security is implemented by the user, then the user's 
calendar files could be easily compromised. yes, it should disabled by 
default.

-d

Chad wrote:

> Dietrich, did you ever look at this bug:
>
> http://sourceforge.net/tracker/index.php? 
> func=detail&aid=845351&group_id=62270&atid=500017
>
> I'd like to have some better grasp of how we can make this more  
> accessable to older versions oh PHP, if that is the problem in this  
> case.
>
> Also, we'll need to have it off by default if it is a security risk.
>
> -C
>
> On Nov 21, 2003, at 1:47 PM, Dietrich Ayala wrote:
>
>> it's mentioned in the publish.php file itself, and should be added 
>> to  the general installation instructions.
>>
>> we should also have a flag in the configuration file to 
>> enable/disable  publishing, and have it disabled by default.
>>
>> -dietrich
>>
>> Mike Traum wrote:
>>
>>> I haven't looked closely, but isn't publish.php a security hole,  
>>> especially since adding authentication to the calendars folder 
>>> isn't  mentioned in the Readme?
>>>  thanks,
>>> mike
>>> ---------------------------------------------------------------------- 
>>> -- 
>>> Do you Yahoo!?
>>> Free Pop-Up Blocker - Get it now  
>>> <http://us.rd.yahoo.com/slv/mailtag/*http://companion.yahoo.com/>
>>
>>
>>
>>
>>
>> -------------------------------------------------------
>> This SF.net email is sponsored by: SF.net Giveback Program.
>> Does SourceForge.net help you be more productive?  Does it
>> help you create better code?  SHARE THE LOVE, and help us help
>> YOU!  Click Here: http://sourceforge.net/donate/
>> _______________________________________________
>> Phpicalendar-devel mailing list
>> Php...@li...
>> https://lists.sourceforge.net/lists/listinfo/phpicalendar-devel
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it
> help you create better code?  SHARE THE LOVE, and help us help
> YOU!  Click Here: http://sourceforge.net/donate/
> _______________________________________________
> Phpicalendar-devel mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpicalendar-devel
>
>