administrator cannot disable hdfdump
| Reported by: | quasistoic | Owned by: | Alec Thomas |
As far as I can tell, this issue was first brought up back in comment:ticket:51:6 but there was never any follow-up.
I do find it disturbing that anyone can visit any installation of Trac and, regardless of the permissions afforded to the anonymous user, can append ?hdfdump=1 to obtain a good amount of sensitive information. http://trac.edgewall.org/wiki/?hdfdump=1
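Added example, not part of the original ticket or of Trac's code: while the parameter cannot be disabled, an administrator can at least find out who has requested a dump by scanning the web server's access log for the `hdfdump` query parameter. The Apache combined log format, the sample lines and the function name `find_hdfdump_requests` are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2006:13:55:36 +0000] "GET /wiki/?hdfdump=1 HTTP/1.1" 200 48211 "-" "curl/7.15"
198.51.100.7 - - [10/Oct/2006:13:55:40 +0000] "GET /wiki/WikiStart HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.9 - alice [10/Oct/2006:14:02:11 +0000] "GET /ticket/12?format=rss&hdfdump=1 HTTP/1.1" 200 39002 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Oct/2006:14:05:00 +0000] "GET /timeline?%68dfdump=1 HTTP/1.1" 403 512 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2006:14:09:19 +0000] "GET /search?q=hdfdump HTTP/1.1" 200 7001 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def find_hdfdump_requests(log_text):
    """Return one record per request whose query string carries an hdfdump parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        target = urlsplit(m["target"])
        # parse_qsl percent-decodes names, so "%68dfdump" is matched as well;
        # keep_blank_values also catches "?hdfdump=" (a conservative choice).
        params = dict(parse_qsl(target.query, keep_blank_values=True))
        if "hdfdump" not in params:
            continue  # e.g. a search *for* the word hdfdump is not a dump request
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "user": None if m["user"] == "-" else m["user"],  # None = anonymous
            "path": target.path,
            "status": status,
            "served": 200 <= status < 300,  # 2xx: a response body was returned
        })
    return hits


if __name__ == "__main__":
    for hit in find_hdfdump_requests(SAMPLE_LOG):
        print(hit)
```
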
Change History (6)
comment:5 by , 13 years ago
| Status: | reopened → new |