[chora] Re: Potentially Dangerous URL
flipp
flipp.bunts at gmail.com
Fri Mar 11 12:13:54 PST 2005
Gerard Samuel <chora <at> trini0.org> writes:
>
> Jan Schneider wrote:
>
> >Zitat von Gerard Samuel <chora <at> trini0.org>:
> >
> >
> >
> >>I get a page with the message below, when a link,
> >>generated by chora points to itself.
> >>http://code.trini0.org/horde/chora/co.php/README.txt?rt=grains&r=13
> >>(The subsection about browsing the repository)
> >>Im using the latest versions of chora/horde.
> >>Is this anything to worry about, and is it something that can be disabled?
> >>
> >>
> >
> >This is nothing to worry about, as you know the source of that link and
> >can trust. It can't (and probably shouldn't) be disabled at the moment.
> >It's a security feature.
> >
>
> Thanks
actually it's quite easy to disable.
in go.php (hint: it's under $HORDEHOME/services/) just comment out the 4 line if
statement (after the comment about due diligence) and replace it with a dummy if
statement. i used "if ($crackmonkey) {"
if you're on an intranet and don't have access to the outside world, who cares
if you email a coworker an intranet link. if this is machine with internet
access, then yes... i'd probably not disable it like this.
---flipp
More information about the chora
mailing list