[mod_python] [Vampire] Possible security problem with loginhandler

Graham Dumpleton grahamd at dscpl.com.au
Wed Jun 8 06:55:25 EDT 2005


On 08/06/2005, at 6:18 PM, Graham Dumpleton wrote:

>
> On 08/06/2005, at 6:02 PM, Stephane Bortzmeyer wrote:
>
>> If I make a typo in the filename of the loginhandler directive of the
>> Vampire configuration file, there is no warning and the access goes
>> on. Isn't it a security weakness?
>
> Agree that it is probably not good in that circumstance, should yield
> an internal server error response at least and log something. Will have
> to review what happens for other phases as well. In those cases you'll
> probably end up with a not found error, but maybe something different
> should be done there as well.

Version of code in subversion has been updated so you can either update
against that or grab:

   http://svn.dscpl.com.au/vampire/trunk/software/vampire/lookup.py

and replace version in your copy.

You will now get errors where appropriate like:

   ImportError: No file named /Users/grahamd/Sites/vampire/examples/session/xaccess.py

or:

   ImportError: Cannot import loginhandler from /Users/grahamd/Sites/vampire/examples/session/access.py


Graham
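
The failure mode discussed in this thread, shown as an added example that is not part of the original message and is not Vampire's code: a handler lookup that returns nothing on a bad path lets the request through, while one that raises turns the typo into a server error. The function names and the 200/401/500 dispatch model are assumptions made for illustration; the two ImportError messages are the ones quoted above.

```python
import importlib.util
import os
import tempfile

def _load(path):
    spec = importlib.util.spec_from_file_location("_access", path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module

def resolve_fail_open(path, name):
    # Model of the reported behaviour: a bad path or name silently yields None.
    if not os.path.isfile(path):
        return None
    return getattr(_load(path), name, None)

def resolve_fail_closed(path, name):
    # Model of the fixed behaviour: misconfiguration raises ImportError.
    if not os.path.isfile(path):
        raise ImportError("No file named %s" % path)
    handler = getattr(_load(path), name, None)
    if not callable(handler):
        raise ImportError("Cannot import %s from %s" % (name, path))
    return handler

def dispatch(resolver, path, name="loginhandler"):
    # 200 = request served, 401 = login refused, 500 = configuration error.
    try:
        handler = resolver(path, name)
    except ImportError:
        return 500
    if handler is None:
        return 200  # no handler found: request proceeds unauthenticated
    return 200 if handler() else 401

def demo():
    # Constructed sample: an access.py whose loginhandler refuses everyone.
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "access.py")
        typo = os.path.join(d, "xaccess.py")  # typo'd filename, does not exist
        with open(good, "w") as f:
            f.write("def loginhandler():\n    return False\n")
        return {
            "open_good": dispatch(resolve_fail_open, good),
            "open_typo": dispatch(resolve_fail_open, typo),
            "closed_good": dispatch(resolve_fail_closed, good),
            "closed_typo": dispatch(resolve_fail_closed, typo),
            "closed_badname": dispatch(resolve_fail_closed, good, "loginhandlr"),
        }
```

Calling demo() shows the same refusing handler giving 401 when found, 200 when the fail-open lookup misses it, and 500 when the fail-closed lookup misses it.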


