Re: Potential security issue with LedgerSMB (inherited from SL)

Chris, you want to comment on this?

From what I have seen, the fact that the xterm directory is missing already makes this a problem out of the box with SQL-Ledger 2.6.x.

Of course, this doesn't prevent you from setting an HTTP-USER-AGENT

On 9/11/06, Darrick Hartman <..hidden..> wrote:
Chris Travers wrote:
>     BTW, the terminal problem is still an issue. bin/xterm doesn't exist,
>     and when I try to run any of the scripts from the terminal, it tries
>     to include these. Is this a dumb user problem or is terminal broken in
>     LedgerSMB and/or SL?
> In 2.4.x bin/xterm was basically a symlink to bin/lynx
> The fact that it is not there in 2.6 is an indication that nobody uses
> it.  Which is a good thing as far as the security issue is concerned.
Does removal of the terminal code mean that running one of the scripts
such as:

perl is.pl
"action="" won't
work in the future with ledgersmb?

I've been doing something similar to initiate backups of sql-ledger for
a long time.


Darrick Hartman
DJH Solutions, LLC

Ledger-smb-devel mailing list