[Mimedefang] OT: Better file transfer system?

Kenneth Porter shiva at sewingwitch.com
Mon Feb 27 13:25:35 EST 2006

--On Monday, February 27, 2006 11:28 AM -0500 "David F. Skoll" 
<dfs at roaringpenguin.com> wrote:

> vTiger is thousands of security holes packaged up as a slick-looking
> Web application.  I would never place it on a publicly-accessible
> server.

I was shopping at one time for a wiki and saw the same thing in Twiki. 
About a week after I loaded a copy for evaluation a big security hole was 
found. (Shell metacharacter exploit.) I took mine down and haven't 
revisited deploying my own wiki since then. It amazes me that people still 
invoke a shell from CGI code (instead of directly exec'ing the desired 
program). (Not that it's a complete solution, but it's the most common 
source of exploits I see.)

More information about the MIMEDefang mailing list