At 05:14 PM 4/16/99 -0600, you wrote:
>There may be cases where attachments are inappropriate for an archived list,
>but for my purposes they are essential. Sending anything potentially
>untoward to /dev/null is an interesting concept, but not one I want in an
>MTA.
What I am worried about is the ease with which this could lead to scenarios
like remote users creating troublesome ".htaccess" files or malicious
binaries. It looks like Hypermail strips out "/" when it saves the file
(so they cannot happily roam about) and does not overwrite files but I just
managed to make a test archive inaccessible by sending an attachement
called ".htaccess" with garbage in it (I could have done more like adding a
new CGI-BIN directory but this was just a test).
I can understand why some folks would want attachements but there should at least be an easy way to turn them off or use the standard behaviour of "disable *except* for . . ." instead of having everything allowed by default and no way to disable it.
IMHO anyways.
Thanks for the response and hope someone can suggest what to hack to fix this.
Cheers
Island Net AMT Solutions Group Inc. Telephone: 250 383-0096 1412 Quadra Toll Free: 1 800 331-3055 Victoria, B.C. Fax: 250 383-6698 V8W 2L1 E-Mail: support_at_islandnet.com Canada WWW: http://www.islandnet.com/ -----------------------------------------------------------------------------Received on Sat 17 Apr 1999 02:28:08 AM GMT
This archive was generated by hypermail 2.2.0 : Thu 22 Feb 2007 07:33:50 PM GMT GMT