[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] It's about time....
****** message to minivend-users from Barry Treahy <treahy@mmaz.com> ******
Does this mean CERT has been hacked?
Not Found
The requested URL / was not found on this server.
Apache/1.3.9 Server at www.cert.org Port 80
barry
Mike Heins wrote:
> ****** message to minivend-users from Mike Heins <mikeh@minivend.com> ******
>
> I have been waiting for this one
>
> http://slashdot.org/article.pl?sid=00/02/02/1230219
>
> Some people have wondered why I make sure MV doesn't rely on JavaScript
> or Java, and this is the reason why. There is finally a CERT advisory.
>
> There are some other words of caution, especially when allowing users
> to send data to your site. (Embedding <FORM ...> tags is the most
> potentially damaging.)
>
> I will be looking at this CERT advisory in detail, but I think
> MV is pretty good to go as it stands. In MV4, you can make sure with
> [value name=fname filter=entities].
>
> Because I expect that a percentage of users will be disabling JavaScript
> -- especially ones in corporate environments; some already implement
> proxies that strip <SCRIPT> </SCRIPT> -- I will be double-checking MV4
> and its demo for problems.
>
> -- Mike Heins http://www.minivend.com/ ___
> Internet Robotics |_ _|____
> If you like what you're gettin', 131 Willow Lane, Floor 2 | || _
> \ keep doin' what you're doin'. Oxford, OH 45056 | || |_) |
> -- Hector <mikeh@minivend.com> |___| _ <
> 513.523.7621 FAX 7501 |_| \_\
> -
> To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
> email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
> Archive of past messages: http://www.minivend.com/minivend/minivend-list
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
