[WEB4LIB] RE: CERT Advisory CA-2000-02
Avi Rappoport
avirr at LanMinds.Com
Thu Feb 3 13:29:55 EST 2000
At 9:41 AM -0800 2/3/2000, Drew, Bill wrote:
>How serious is this threat? Many databases and online catalogs rely on
>scripting and would not be functional without it. That is not saying that
>they should be using scripts. It is just a reality.
The problem seems to be most serious with chat and conferencing
systems that allow users to post HTML commands. The conferencing
code should strip out any tags that aren't simple formatting, or you
run the risk of having your server hijacked.
Avi
--
________________________________________________________________
Avi Rappoport, Search Tools Maven: <mailto:avirr at lanminds.com>
Guide to Site Indexing and Local Search Engines: <http://www.searchtools.com>
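
The tag stripping recommended in the message above, shown as an added example that is not part of the original post: an allowlist filter that keeps a few formatting tags, discards every attribute, drops script and style bodies, and re-escapes all text. The tag list, the class name and `sanitize_post` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Added example. Assumption: "simple formatting" means these tags, attributes removed.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "p", "br", "blockquote", "pre"}
VOID_TAGS = {"br"}                  # never pushed on the open-tag stack
DROP_CONTENT = {"script", "style"}  # drop the element body, not just the tags


class FormattingOnlyFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []  # allowed tags currently open, innermost last
        self.drop_depth = 0  # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.drop_depth += 1
        elif tag in ALLOWED_TAGS and not self.drop_depth:
            # attrs is ignored, so event handlers, style= and URLs never survive.
            self.out.append(f"<{tag}>")
            if tag not in VOID_TAGS:
                self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.drop_depth = max(0, self.drop_depth - 1)
        elif tag in self.open_tags and not self.drop_depth:
            # Close inner tags first so the output stays properly nested.
            while self.open_tags:
                inner = self.open_tags.pop()
                self.out.append(f"</{inner}>")
                if inner == tag:
                    break

    def handle_data(self, data):
        if not self.drop_depth:
            self.out.append(escape(data))  # text is re-escaped, never emitted as markup


def sanitize_post(html_text):
    """Return html_text reduced to allowlisted formatting tags and escaped text."""
    parser = FormattingOnlyFilter()
    parser.feed(html_text)
    parser.close()  # flush buffered text
    # Close anything the poster left open so it cannot affect the rest of the page.
    parser.out.extend(f"</{t}>" for t in reversed(parser.open_tags))
    return "".join(parser.out)
```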