[Osgeo4w-trac] [osgeo4w] #50: public website generate and promote
scripts don't require authorization
OSGeo4W
trac_osgeo4w at osgeo.org
Wed Feb 11 02:00:30 EST 2009
#50: public website generate and promote scripts don't require authorization
---------------------------+------------------------------------------------
Reporter: maphew | Owner: warmerdam
Type: defect | Status: new
Priority: critical | Milestone:
Component: Documentation | Version:
Keywords: |
---------------------------+------------------------------------------------
The links to osgeo4w-regen.sh and osgeo4w-promote.sh from
wiki:PackagingInstructions can be initiated by anonymous users. This opens
the door to trivial denial of service attacks as regen in particular
consumes server resources. Even if we disregard malicious intent a curious
surfer could prematurely promote the setup-test.ini to production.
--
Ticket URL: <http://trac.osgeo.org/osgeo4w/ticket/50>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer for the OSGeo stack.
More information about the Osgeo4w-trac
mailing list