Forum OpenACS Q&A: Re: Security hole in ad_form (may change behavior of ad


	The Toolkit for Online Communities 15899 Community Members, 0 members online, 2416 visitors today			Log In	Register

Forum OpenACS Q&A: Re: Security hole in ad_form (may change behavior of ad_form to fix!)

OpenACS Home : Forums : OpenACS Q&A : Re: Security hole in ad_form (may change behavior of ad_form to fix!) : One Message

Back to OpenACS Q&A

5: Re: Security hole in ad_form (may change behavior of ad_form to fix!) (response to 1)

Posted by Don Baccus on 10/14/03 10:54 AM

As far as programmers including something dangerous themselves directly in ad_form, this is no more a problem than it is with a set statement. "set foo [exec rm -f]" is equally evil ...

So it is really just the double-substitution instance noted by Lars that is an issue, no?

Back to OpenACS Q&A