[Moin-user] Moin security
Jim Popovitch
jimpop at yahoo.com
Sun Dec 4 23:01:02 EST 2005
Thomas Waldmann wrote:
>> Is there a single place that lists all things that leak system info,
>> via Moin, which could potentially be used by miscreants?
>
> No, but you can make a wiki page about it:
> * SystemInfo
> * action=test
> * crash tracebacks (sometimes more, sometimes less)
>
> I think there is an open bug about the traceback stuff (esp. if it
> happens in user.py).
Thanks Thomas. It took a while to get around to this, but I have now
setup http://moinmoin.wikiwikiweb.de/FixLeaks and added my "fixes" for
SystemInfo and action=test. Crash tracebacks are something else, I
think I may leave that up to others for now.
-Jim P.
More information about the Moin-user
mailing list