[prev in list] [next in list] [prev in thread] [next in thread]
List: wikitech-l
Subject: [Wikitech-l] Images security flaw...
From: a.crossman () blueyonder ! co ! uk
Date: 2003-07-31 18:42:41
[Download RAW message or body]
Hi,
There seems to be a security flaw in the image deletion. It seems
anyone can delete old versions.
So a practical attack becomes possible: just upload a new (junk)
version of an image, and delete the old one.
This is made worse since even sysops can't undo image deletion.
Perhaps deletion of old image versions should be restricted to
sysops?
--
Allan Crossman
a.crossman@blueyonder.co.uk
http://dogma.pwp.blueyonder.co.uk
_______________________________________________
Wikitech-l mailing list
Wikitech-l@wikipedia.org
http://mail.wikipedia.org/mailman/listinfo/wikitech-l
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic