[Zope-dev] Vulnerability: attacking can get file list and directory

marc lindahl marc@bowery.com
Mon, 24 Sep 2001 11:52:38 -0400


> From: Chris Withers <chrisw@nipltd.com>
>
> The traceback should _not_ be _appended_ to the error message. If an app
> developer chooses to show it, then fine they can as they do already (mine
> sends
> me an error email ;-), but why should it be appended in all circumstances

Be careful of that -- I recently got *flooded* with error emails from a
recent bout of the Code Red worm looking for files that weren't on my server
:(