[Zope] HTTP PUT
Chris Withers
chris at simplistix.co.uk
Thu May 4 02:22:58 EDT 2006
David wrote:
>
> I have a user messing with a site using HTTP PUT to upload files. The
> user has access privileges to use a simple CMS (although for the time
> being now, they're revoked). Will switching off the permission for
> "WebDAV access" prevent any successful PUT or do we need to take further
> actions?
Yes.
> We also allow FTP access to certain directories. Can this be abused to
> upload files elsewhere?
If you can reproduce it, this is a bug, either in your app or in Zope.
If the latter, it would be pretty serious...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk