You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Brian Behlendorf <br...@hyperreal.org> on 1998/01/22 08:13:03 UTC

Lotus Domino server vulnerable

http://www.wired.com/news/news/business/story/9774.html

The short of it: having config files under your document root is bad.
Making them editable through the site is even worse!

I like this:

> The hole can be exploited in curious ways. At one
> vulnerable site, NBC Sports, a cracker could view the
> list of names for all customers who registered for
> the site's sweepstakes. 

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Optimism is a strategy for making                         brian@apache.org
a better future." - Noam Chomsky                        brian@hyperreal.org