Forum OpenACS Q&A: ACS Security fixed

Collapse
23: ACS Security fixed (response to 1)
Posted by Malte Sussdorff on
I fixed the security issues by copying the code from ACS 3.4.10. This enables ad_sign and the like. I was careful not to break anything, but if you detect anything unusual, tell me so.

Furthermore I added the table secure_tokens to /packages/acs-core/security.sql. So, if you get the latest checkout from CVS make sure you create this table.