Re: Squirrelmail XSS + SQL security bug?
From: David A. Ulevitch (davidu everydns.net)
Date: Mon Jul 05 2004 - 16:15:50 CDT
On Jul 5, 2004, at 2:05 PM, Henrique de Moraes Holschuh wrote:
> Isn't this enough reason to demote squirrelmail to an "unstable-only"
> package? I use it everywhere, and it will be an extreme hindrance to me,
> but we have to be realistic on these issues...
I would agree, squirrelmail (and I use it too!) and other similarly
large web applications do not have the foundation to be secure since
they have been put together over long periods of time. The latest
squirrelmail is pretty good in that regard but of course, that's out
of the option for woody, or maybe even sarge.
I've since stopped using the squirrelmail in debian and just set up an
equivs to handle my dirty work. It's not all that complex a .deb to
package and an equivs with a wget line would be almost as good a
replacement. :)
Squirrelmail is also rather trivial to upgrade without messing things
up. Aside from msfttcorefonts (or whatever it is...I don't use debian
on a desktop) are there other packages that just set up some
directories and then get the latest files from the net from the
upstream? Is that frowned upon?
-davidu
----------------------------------------------------
David A. Ulevitch - Founder, EveryDNS.Net
http://david.ulevitch.com -- http://everydns.net
----------------------------------------------------