Opened 13 years ago

Closed 14 months ago

#50 closed defect (wontfix)

public website generate and promote scripts don't require authorization

Reported by: maphew Owned by: warmerdam
Priority: critical Component: Documentation
Version: Keywords:
Cc:

Description

The links to osgeo4w-regen.sh and osgeo4w-promote.sh from wiki:PackagingInstructions can be initiated by anonymous users. This opens the door to trivial denial of service attacks as regen in particular consumes server resources. Even if we disregard malicious intent a curious surfer could prematurely promote the setup-test.ini to production.

Change History (2)

comment:1 by maphew, 13 years ago

I changed the links to plain text for the time being so inadvertent use is not possible.

comment:2 by jef, 14 months ago

Resolution: wontfix
Status: newclosed
Note: See TracTickets for help on using tickets.