from the security-can-be-so-annoying dept.
CERT has issued a security advisory regarding improperly checked output from dynamic pages. For example, I could add malicious HTML code to this posting, and everyone who reads the posting would be affected by the code. Does Squishdot limit the HTML that can be added to the postings? There is the Allowed HTML at the bottom of this page, is there a sanity check on postings? Of course, the other way to deal with the problem is to turn moderation on for everything, and then properly check each posting manually.
The CERT advisory can be found at http://www.cert.org/advisories/CA-2000-02.html.
< | >
|"Any system that depends on reliability is unreliable." -- Nogg's Postulate|
|All trademarks and copyrights on this page are
owned by their respective companies.
Comments are owned by the Poster.
The Rest ©1999
Butch Landingin, ©2000-2002