[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Recommendations for upgrading for SQL-Ledger users

Nor does SQL-Ledger offer any assurance of the security of the web
server.  For more details, please do a search on my bugtraq posts.
Many of these contain full disclosure including steps necessary to
exploit these problems.

Just for clarification, I post full disclosures on many security
issues we have corrected because this allows security software
manufacturers (like the makers of Nessus) to integrate tests for the
problems into their software.  It also allows the makers of intrusion
detection systems to integrate signatures for the attacks.  This helps
ensure that everyone is well protected against insecure software.

In a few cases, we have received additional security issue reports
from such manufacturers.

Best Wishes,
Chris Travers