[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential security issue with LedgerSMB (inherited from SL)
- Subject: Re: Potential security issue with LedgerSMB (inherited from SL)
- From: "Chris Travers" <..hidden..>
- Date: Mon, 11 Sep 2006 13:01:45 -0700
Chris, you want to comment on this?
From what I have seen, the fact that the xterm directory is missing already makes this a problem out of the box with SQL-Ledger 2.6.x.
Of course, this doesn't prevent you from setting an HTTP-USER-AGENT
On 9/11/06, Darrick Hartman <..hidden..> wrote:
Chris Travers wrote:
>
>
> BTW, the terminal problem is still an issue. bin/xterm doesn't exist,
> and when I try to run any of the scripts from the terminal, it tries
> to include these. Is this a dumb user problem or is terminal broken in
> LedgerSMB and/or SL?
>
>
> In 2.4.x bin/xterm was basically a symlink to bin/lynx
>
> THe fact that it is not there in 2.6 is an indication that nobody uses
> it. Which is a good thing as far as the security issue is concerned.
>
Does removal of the terminal code mean that running one of the scripts
such as:
perl is.pl
"action="" won't
work in the future with ledgersmb?
I've been doing something similar to initiate backups of sql-ledger for
a long time.
Darrick
--
Darrick Hartman
DJH Solutions, LLC
http://www.djhsolutions.com
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Ledger-smb-devel mailing list
..hidden..
https://lists.sourceforge.net/lists/listinfo/ledger-smb-devel