Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: [bug?] Problem with 'load

From: SunandaDH:aol at: 28-Nov-2003 13:50

Thanks to everyone who contributed responses. I've now updated to use Romano's load-header script rather than a direct load/all/header in all the places (lots!) we load a header to get values about a script. This was a potentially damaging integrity exposure (my old-timer IBMese for hackable security flaw) in the Library..... .....Any one could have inserted active code in a header and contributed it as a script. That code would have been executed on the server when we did the load/header. The result could have been nasty. This remains a potential danger for any REBOL-based CGI site that loads headers of contributed code in the old manner.....If you have such a site, please check your code and see if you need to replace load/header with Romano's script. I'm impressed (as usual) with the usefulness of this ML and the helpfulness of the people on it. Less than 24 hours from reporting a problem to having a fix available. Outstanding, everyone!! Thanks everyone again! Sunanda.