[prev in list] [next in list] [prev in thread] [next in thread] 

List:       chora
Subject:    Re: [chora] Potentially Dangerous URL
From:       Jan Schneider <jan () horde ! org>
Date:       2005-10-25 22:04:21
Message-ID: 20051026000421.p6cewfn0mosw8gck () neo ! wg ! de
[Download RAW message or body]

Zitat von Admin <admin@ltarngozi.org>:

>
> Jan,
> would you be so kind to explain me how I could hack the code?

Take a look at services/go.php.

>> Date: Tue, 25 Oct 2005 09:29:01 +0200
>> From: Jan Schneider <jan@horde.org>
>> Subject: Re: [chora] Potentially Dangerous URL
>> To: chora@lists.horde.org
>> Message-ID: <20051025092901.jt99tcyf4w0gso0g@neo.wg.de>
>> Content-Type: text/plain;    charset=ISO-8859-15;    format="flowed"
>>
>> Zitat von Admin <admin@ltarngozi.org>:
>>
>>
>>
>>> Therefore I think is should be an user option, if not an admin
>>> option, to disable this so called "security feature", at admin's
>>> risk, if you want to say so.
>>>
>>>
>>
>> No. Hack the code if you don't want to bother your users with extra
>> security. *We* care about web application security.
>>
>> Jan.
>>
>> --
>> Do you need professional PHP or Horde consulting?
>> http://horde.org/consulting/
>>
>>
>>
>> ------------------------------
>>
>>
>> --
>> Chora mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: chora-unsubscribe@lists.horde.org
>>
>>
>> End of chora Digest, Vol 350, Issue 1
>> *************************************
>>
>>
>>
>>
>
>
> --
> Chora mailing list - Join the hunt: http://horde.org/bounties/#chora
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: chora-unsubscribe@lists.horde.org
>
>



Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/

-- 
Chora mailing list - Join the hunt: http://horde.org/bounties/#chora
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: chora-unsubscribe@lists.horde.org
[prev in list] [next in list] [prev in thread] [next in thread]