[pLog-svn] r6276 - in plog/branches/lifetype-1.2/class: data/validator misc template test/tests/misc
Jon Daley
plogworld at jon.limedaley.com
Sat Mar 29 17:16:31 EDT 2008
On Sat, 29 Mar 2008, Jon Daley wrote:
> How about getting Apache to allow serve the content as a binary
> application with a forcetype or something?

There is RemoveHandler, but I think we end up in the same place as the
others - either you can't blacklist all of the executable programs without
being prone to missing some, and whitelisting useful extensions seems kind
of hard.

I just went to check to see how WordPress does it, and it turns out they
are significantly worse off than we are. I'll file a bug with them.

Perhaps my attacker wasn't specifically attacking LifeType, but knew that
lots of resource uploaders don't work well in the validation department.

Maybe we could make the gallery .htaccess a little better, and then leave
some stuff commented where people can make it more secure if they would
like.
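The gallery `.htaccess` approach discussed in this message, sketched as an added example (it is not LifeType's shipped file and not code from the thread): an active baseline that keeps uploads away from interpreters, with stricter options left commented out. It assumes Apache 2.4 syntax; the extension lists and the allowed file types are illustrative choices, not taken from the project.

```apache
# Added example, not LifeType's shipped .htaccess. Assumes Apache 2.4 and an
# AllowOverride that permits FileInfo, Options and AuthConfig here; a
# directive that is not permitted makes Apache answer with a 500 error.

# --- Active baseline: keep uploads from being handed to an interpreter ---

# Drop handler and type mappings inherited from the server config.
# The extension list is illustrative and incomplete, which is the weakness
# of blacklisting noted in the thread.
RemoveHandler .php .php3 .php4 .php5 .phtml .pl .py .cgi .sh .shtml
RemoveType    .php .php3 .php4 .php5 .phtml .pl .py .cgi .sh .shtml

# No CGI execution or server-side includes from this directory.
Options -ExecCGI -Includes

# Switch the PHP engine off where mod_php is loaded
# (the module file name varies with the PHP version).
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# --- Optional hardening: uncomment to tighten ---

# Whitelist: refuse everything, then serve only single-extension files of
# known types. Requiring exactly one dot also rejects names such as
# "photo.php.jpg", which mod_mime can map to a handler by the inner extension.
#Require all denied
#<FilesMatch "(?i)^[^.]+\.(jpe?g|png|gif|pdf)$">
#    Require all granted
#</FilesMatch>

# Serve every file as an opaque download (the ForceType idea from the
# quoted message). This also stops images from displaying inline.
#ForceType application/octet-stream
#<IfModule mod_headers.c>
#    Header set Content-Disposition attachment
#</IfModule>
```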