All the Perl that's Practical to Extract and Report

  • That's interesting. The "macro admin security fix" is something I don't understand, but the first two should be no-brainers. Why the heck can't they figure that out for themselves? I do understand your reluctance to get specific about "here's how you attack unpatched versions of this software."

    • Actually, the items on that list are just copied from my Changelog. The first fix is basically to prevent people from creating a link like http://site.com/admin/delete?name=page.. but then again, they can still do a form with POST and have a JavaScript link to submit it.. *ARGH*

      The second one is just applying some best practices. Adding an extra lock to the already locked door.

      Third one is uhm.. mmm will have to look up what I meant by that tho :)

      Recommended action would be to upgrade.. obviously but not
    • I don’t see what’s so unusual about the request. Figuring out the issues requires study of the source code, and evaluating them to figure out what follows from them is often unclear to someone without a good understanding of the codebase. This has been a point of tension between the Linux kernel hackers and distributors, who often can’t tell how significant a bugfix really is without either being told or investing significant effort of their own.

      Let’s take a look at the questions: