Opened 15 years ago
Closed 3 years ago
#50 closed defect (wontfix)
public website generate and promote scripts don't require authorization
| Reported by: | maphew | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | critical | Component: | Documentation |
| Version: | Keywords: | ||
| Cc: |
Description
The links to osgeo4w-regen.sh and osgeo4w-promote.sh from wiki:PackagingInstructions can be initiated by anonymous users. This opens the door to trivial denial of service attacks as regen in particular consumes server resources. Even if we disregard malicious intent a curious surfer could prematurely promote the setup-test.ini to production.
Change History (2)
comment:1 by , 15 years ago
comment:2 by , 3 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
I changed the links to plain text for the time being so inadvertent use is not possible.