Re: [cobalt-security] security warning?
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Mon, 12 Aug 2002 08:13:03 -0700
- Organization: nobaloney.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
cobalt@xxxxxxxxxxxxx wrote:
> Cross site scripting vulnerabilities are specific to a particular cgi
> / script / asp file.
Thanks. That was the gist of what I thought. However, the code example
sent me explaining I was vulnerable didn't include any references to any
cgi file.
The only cgis that run on the RaQ in question are a very secure copy of
Formmail.pl from the monkeys.com site, and the Cobalt gui, which I
really can't do anything about.
> The only way to protect against them, is to
> make sure you validate all user input, and remove any <script>
> </script> tags before displaying this input back to the user.
It looks like we're okay on that score. You've alleviated much of my
concern, but I wonder why I got that message.
Thanks.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA 92517
voice: +1 909 778-9980 * fax: +1 909 548-9484
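
The advice quoted in the message above (validate all user input, and neutralise markup before displaying it back) is sketched here as an added Python example; it is not code from the list, from Formmail.pl or from the Cobalt GUI. It goes beyond removing `<script>` tags by HTML-encoding every echoed value, and the form field names, patterns and sample requests are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Hypothetical per-field allowlists for a feedback form (assumed field names).
FIELD_RULES = {
    "name": re.compile(r"[A-Za-z .'-]{1,64}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}"),
}
MAX_COMMENT = 500


def validate(query_string):
    """Return (clean_fields, rejected_field_names) for a raw query string."""
    raw = parse_qs(query_string, keep_blank_values=True)
    clean, errors = {}, []
    for field, rule in FIELD_RULES.items():
        value = raw.get(field, [""])[0].strip()
        if rule.fullmatch(value):
            clean[field] = value
        else:
            errors.append(field)
    # Free text cannot be allowlisted by character: bound its length and
    # rely on output encoding when it is displayed.
    clean["comment"] = raw.get("comment", [""])[0][:MAX_COMMENT]
    return clean, errors


def render(query_string):
    """Build the HTML echoed back to the user, encoding every dynamic value."""
    clean, errors = validate(query_string)
    if errors:
        # Name the rejected fields, never echo the rejected values.
        return "<p>Invalid field(s): %s</p>" % html.escape(", ".join(errors))
    return "<p>Thanks, %s (%s)</p>\n<blockquote>%s</blockquote>" % (
        html.escape(clean["name"]),
        html.escape(clean["email"]),
        html.escape(clean["comment"]),
    )


# Constructed sample requests (URL-encoded form submissions).
OK = "name=Ann+Lee&email=ann%40example.com&comment=5+%3C+6+%26+%3Cscript%3Ex%3C%2Fscript%3E"
BAD = "name=%3Cscript%3Ex%3C%2Fscript%3E&email=ann%40example.com&comment=hi"

if __name__ == "__main__":
    print(render(OK))
    print(render(BAD))
```

Encoding on output keeps legitimate text such as `5 < 6 &` intact, which tag stripping would not.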