Home
The Toolkit for Online Communities
17221 Community Members, 1 member online, 1922 visitors today
Log In Register
OpenACS Home : Forums : OpenACS Q&A : RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!) : One Message

Forum OpenACS Q&A: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!)

Tom, Jeff explained it here: http://openacs.org/forums/message-view?message_id=182057

Once someone has an admin account on OpenACS he could install acs-developer-support and and execute code via the its tcl shell feature.

This is not restricted to just 5.1, I believe...

>
>Once someone has an admin account on OpenACS he could install acs-developer-support and and execute code via the its tcl shell feature.
>

If acs-developer-support is such a powerful tool why make it available for install from the repository? Atleast if it was a local install only you would need access to the local file system before being able to install it.

    - Steve