[mod_python] [Vampire] Possible security problem with loginhandler

Graham Dumpleton grahamd at dscpl.com.au
Wed Jun 8 04:18:32 EDT 2005

On 08/06/2005, at 6:02 PM, Stephane Bortzmeyer wrote:

> If I make a typo in the filename of the loginhandler directive of the
> Vampire configuration file, there is no warning and the access goes
> on. Isn't it a security weakness?

Agree that it is probably not good in that circumstance, should yield
an internal server error response at least and log something. Will have
to review what happens for other phases as well. In those cases you'll
probably end up with a not found error, but maybe something different
should be done there as well.

Thanks for pointing it out.


More information about the Mod_python mailing list