[Zope-dev] Vulnerability: attacking can get file list and directory

Shane Hathaway shane@zope.com
Mon, 24 Sep 2001 13:09:31 -0400


sean.upton@uniontrib.com wrote:

> On a high-traffic site, wouldn't the log get really big, really quickly with
> tracebacks?  It is also nice to have the tracebacks in the browser window
> for debugging... 


But the log won't grow more than Z2.log.  Yes, it is nice to have the 
tracebacks in the browser window, but IMHO it is *not* helpful to have 
tracebacks hidden in HTML comments.


> Why not just enable tracebacks to clients from trusted IP address ranges or
> domains...  Set this up as an option in Z2.py?


Sounds useful.  We need a fishbowl proposal.

> Anyway, that's my 3-mile high take on it... 


Thanks!

Shane
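
The idea raised in the thread, showing tracebacks only to clients in trusted IP address ranges while always logging them server-side, could look like the following. This is an added example, not part of the original messages and not Zope's code. The names `TRUSTED_NETWORKS`, `is_trusted` and `render_error` are hypothetical, and the address ranges are constructed sample values.

```python
import ipaddress
import logging
import traceback
import uuid

log = logging.getLogger("errors")

# Assumed trusted ranges (constructed sample values: loopback plus a documentation range).
TRUSTED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("127.0.0.0/8", "::1/128", "192.0.2.0/24")]


def is_trusted(peer_addr):
    """True if the TCP peer address falls inside a trusted network.

    peer_addr must be the socket peer address, not a client-supplied header
    such as X-Forwarded-For, which any client can set.
    """
    try:
        addr = ipaddress.ip_address(peer_addr)
    except ValueError:
        return False  # unparsable address: fail closed
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so dual-stack listeners match v4 ranges.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net
               for net in TRUSTED_NETWORKS)


def render_error(peer_addr, exc):
    """Return (log_id, body). The full traceback always goes to the log;
    it goes into the response body only for trusted peers."""
    log_id = uuid.uuid4().hex[:12]
    tb = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    log.error("error %s from %s\n%s", log_id, peer_addr, tb)
    if is_trusted(peer_addr):
        return log_id, "Error %s\n\n%s" % (log_id, tb)
    # Untrusted clients get only a reference they can quote to an operator.
    return log_id, "An error occurred. Reference: %s" % log_id
```

The reference id lets an operator find the matching traceback in the log without any path or source detail reaching an untrusted client.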