
Forum OpenACS Q&A: Re: RFC: Security policy for OpenACS (Security hole in OpenACS 5.1!)

Another point:

The developer support shell page needs to use signed variables too. Otherwise, you could pass the variables directly to developer-support using an IMG tag, and not even bother to make yourself site-wide admin.

Barry, thank you for actually doing something about all this discussion! Is anybody willing to port his code to Postgres once he's done testing it?

I personally think this is a security fix, so it wouldn't require TIPing, but perhaps it could be TIPed just to be extra sure...?