Forum OpenACS Development: Re: AOLserver Security Audit

Collapse
Posted by Tom Jackson on

Yeah, I would be interested. Maybe a bunch of people jumping up and down is better than one. My last reported 'serious' security problem went virtually unnoticed by most. Considering that the bug still exists and allows reading and copying any file readable by the AOLserver user, including the ssl private key file, I don't know how interested the community will be in security bugs. This bug was previously found by aD, and is patched in the ad13 version recommended for OpenACS.