LinuxMall.com: Zope Lassos Pesky TrojanMay 16, 2000, 19:04 (1 Talkback[s])
(Other stories by Greta Durr)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
[ Thanks to LinuxNews.com for this link. ]
"Zope Weekly News has reported a problem with its security model that appears to be potentially pervasive and not necessarily Zope-specific. This is the first installation in a three-part series on Zope's efforts to rein in the trojan, which will be further explored in LinuxNews.com later this week."
According to Zope, the problem isn't necessarily an easy one to spot. "The issue involves a way that less privileged site users with the ability to edit DTML [content] could trick more privileged users into executing their content, taking actions on behalf of the higher privileged user that he did not intend (and may not even be aware of)."
"Zope, an Open Source Web application server, consists of several interoperable components aimed at providing "a flexible application server package," Zope officials said. Zope includes an Internet server, a transactional object database, a search engine, a Web page templating system, a through-the-Web development and management tool, and support."
0 Talkback[s] (click to add your comment)