[REBOL] Re: [bug?] Problem with 'load
From: SunandaDH:aol at: 28-Nov-2003 13:50
Thanks to everyone who contributed responses.

I've now updated REBOL.org to use Romano's load-header script rather than a
direct load/all/header in all the places (lots!) we load a header to get values
about a script.

This was a potentially damaging integrity exposure (my old-timer IBMese for
hackable security flaw) in the Library.....
.....Anyone could have inserted active code in a header and contributed it
as a script. That code would have been executed on the server when we did the
load/header. The result could have been nasty.

This remains a potential danger for any REBOL-based CGI site that loads
headers of contributed code in the old manner..... If you have such a site, please
check your code and see if you need to replace load/header with Romano's script.

I'm impressed (as usual) with the usefulness of this ML and the helpfulness
of the people on it. Less than 24 hours from reporting a problem to having a
fix available. Outstanding, everyone!!

Thanks everyone again!
Sunanda.