Forum OpenACS Q&A: AOLserver security

6: AOLserver security (response to 3)
Posted by Andrew Piskorski on
Jeremy, the security issue you mention above has been discussed here many times, including in April 2002, Nov. 2002, and June 2003.

It's a small bug in the the external database driver interface, which AFAIK no one using OpenACS ever uses at all. The Oracle and PostgreSQL database drivers are "internal" drivers and are not effected. In the unlikely event that you are using an "external" database driver of some sort with AOLserver, then you might want to patch that bug.

To the best of my knowledge there are no known security problems with AOLserver 3.3+ad13, at least not as used by OpenACS.

7: Re: AOLserver security (response to 6)
Posted by Jeremy Henty on
Thanks Andrew, that is really helpful!


Jeremy Henty