[Mimedefang] OT: Better file transfer system?
Kenneth Porter
shiva at sewingwitch.com
Mon Feb 27 13:25:35 EST 2006
--On Monday, February 27, 2006 11:28 AM -0500 "David F. Skoll"
<dfs at roaringpenguin.com> wrote:
> vTiger is thousands of security holes packaged up as a slick-looking
> Web application. I would never place it on a publicly-accessible
> server.
I was shopping at one time for a wiki and saw the same thing in TWiki.
About a week after I loaded a copy for evaluation, a big security hole was
found. (Shell metacharacter exploit.) I took mine down and haven't
revisited deploying my own wiki since then. It amazes me that people still
invoke a shell from CGI code (instead of directly exec'ing the desired
program). (Not that it's a complete solution, but it's the most common
source of exploits I see.)
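
The difference the post describes between invoking a shell and exec'ing the program directly, as an added example that is not part of the original message. The child program, function names and sample parameter are constructed for illustration, and the shell variant assumes a POSIX `/bin/sh`.

```python
import shlex
import subprocess
import sys

# Stand-in for the external program a CGI script would call: it prints the
# argument vector it received (hypothetical helper, not from the post).
CHILD = "import sys; print(sys.argv[1:])"


def run_via_shell(term: str) -> str:
    """The pattern the post criticises: request data spliced into a shell command line."""
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(CHILD)} {term}"
    # shell=True hands the whole string to /bin/sh, which parses ';' in term.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_direct(term: str) -> str:
    """Direct exec: argv is passed as a list, so no shell ever parses the request data."""
    argv = [sys.executable, "-c", CHILD, term]
    return subprocess.run(argv, capture_output=True, text=True).stdout


# Constructed request parameter containing a shell metacharacter.
SAMPLE = "TWikiUsers; echo INJECTED"

if __name__ == "__main__":
    # The shell splits the parameter at ';' and runs the second half itself.
    print("via shell:", run_via_shell(SAMPLE).splitlines())
    # The program receives the parameter as one literal argument.
    print("direct   :", run_direct(SAMPLE).splitlines())
    # Not a complete fix: the value still reaches the program as an argument,
    # so option-like input such as "--help" must be validated separately.
    print("direct   :", run_direct("--help").splitlines())
```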