Update of /cvsroot/mhonarc/mharc/etc
In directory subversions:/tmp/cvs-serv6214/etc
Modified Files:
apache.conf.in.dist
Log Message:
* cgi-bin/extract-mesg.cgi.in.dist:
. Changed returned media-type from message/rfc822 to text/plain.
message/rfc822 is nice since some browsers can render it directly,
but it does open potential XSS HTML email attacks.
IMPORTANT NOTE: Users upgrading are encouraged to delete
"cgi-bin/extract-mesg.cgi.in" and run 'make
configure' after extracting this release. If you
really want the message/rfc822 behavior, you can
edit "cgi-bin/extract-mesg.cgi.in" and redefine
the $message_media_type variable.
* etc/apache.conf.in.dist:
. Security related comments added. Users are encouraged to read
if using etc/apache.conf.
Index: apache.conf.in.dist
===================================================================
RCS file: /cvsroot/mhonarc/mharc/etc/apache.conf.in.dist,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -r1.4 -r1.5
*** apache.conf.in.dist 23 Jul 2002 04:00:22 -0000 1.4
--- apache.conf.in.dist 31 Jul 2002 04:53:21 -0000 1.5
***************
*** 4,10 ****
--- 4,17 ----
## The following are template/example Apache configuration
## directives that apply to the mail archives.
+ ##
+ ## IMPORTANT: MAKE SURE TO REVIEW THE DIRECTIVES HERE IF
+ ## USE THIS FILE AGAINST ANY SECURITY CONCERNS
+ ## YOU MAY HAVE.
############################################################################
<Directory @@SW_ROOT@@>
AllowOverride All
+
+ # ExecCGI could be a security risk if you configure mhonarc to use
+ # attachment filenames or filename extensions.
Options +ExecCGI MultiViews Indexes FollowSymLinks Includes
IndexOptions FancyIndexing NameWidth=* SuppressSize SuppressLastModified
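Review bot: The new comment above `Options +ExecCGI MultiViews Indexes FollowSymLinks Includes` names ExecCGI as a risk, but the directive still enables it for the whole of @@SW_ROOT@@. Combined with `AllowOverride All`, this leaves the exposure in place for anyone who installs the template unchanged. Consider dropping ExecCGI from this block and enabling it only in a separate <Directory> block for the cgi-bin directory, so that files mhonarc writes under attachment-derived names never sit in a directory where the server will execute them. The same Options line mixes a `+`-prefixed keyword with unprefixed ones, which the Apache documentation describes as invalid syntax; write the keywords either all with a prefix or all without. In the header comment, "IF USE THIS FILE" is missing "YOU".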