[Grok-dev] UPDATE recently created projects to 0.14.1

Brandon Craig Rhodes brandon at rhodesmill.org
Sun Dec 21 17:29:09 EST 2008


Jasper Spaans <j at jasper.es> writes:

> Another option not requiring the use of javascript or iframes is a nice
> in-your-face gif which goes flashing red if your grok is outdated, for
> example by requesting something like
> 'http://grok.zope.org/ismygrokuptodate.gif?version=0.14.1' and getting
> back an appropriate image. This does of course disclose which version of
> grok is being used...

We could just have a dangerous_versions.txt file filled with
inequalities like (I'm making these numbers up):

<0.12
<=0.12.1
<=0.13.1
<=0.14.1

and have the admin UI download that file, if our biggest concern was not
revealing the version of Grok running on our remote sites, since each
site would calculate whether it was vulnerable from a single URL that
all sites would use.

Probably a bad idea for other reasons that have already been mentioned.
Just a thought.

-- 
Brandon Craig Rhodes   brandon at rhodesmill.org   http://rhodesmill.org/brandon
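
An added example, not part of the original message or of Grok's code: a sketch of the local check the message proposes, where every site reads the same rules file and compares its own version against it, so no version number leaves the site. The function names, the `#` comment syntax, and the operators other than `<` and `<=` are assumptions; the file is embedded as a string rather than downloaded.

```python
import operator
import re

# Operators a rule line may start with; the message only shows "<" and "<=".
OPS = {"<=": operator.le, "<": operator.lt, ">=": operator.ge,
       ">": operator.gt, "==": operator.eq}
RULE = re.compile(r"^(<=|>=|==|<|>)\s*(\d+(?:\.\d+)*)$")


def parse_version(text, width=4):
    """Turn '0.14.1' into (0, 14, 1, 0), zero-padded so 0.12 == 0.12.0."""
    if not re.fullmatch(r"\d+(?:\.\d+){0,%d}" % (width - 1), text):
        raise ValueError("not a dotted numeric version: %r" % text)
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def parse_rules(text):
    """Parse the file body into (operator, version_tuple) pairs.

    Blank lines and '#' comments are skipped (an assumption). Any other
    unparsable line raises ValueError, so a truncated or altered file is
    reported instead of being read as "no dangerous versions".
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = RULE.match(line)
        if match is None:
            raise ValueError("line %d: bad rule %r" % (lineno, raw))
        rules.append((OPS[match.group(1)], parse_version(match.group(2))))
    return rules


def is_dangerous(local_version, rules_text):
    """True if the installed version satisfies any listed inequality."""
    local = parse_version(local_version)
    return any(op(local, bound) for op, bound in parse_rules(rules_text))


# The made-up inequalities from the message above, as constructed sample input.
SAMPLE = "<0.12\n<=0.12.1\n<=0.13.1\n<=0.14.1\n"
```

Versions are compared as integer tuples rather than strings, so `0.9` sorts below `0.12`. A caller that fetches the file over the network would also want to treat a failed download or a `ValueError` as "status unknown", not as "safe".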

