Am 06.01.2013 23:51, schrieb Geert Wirken:
On 01/06/2013 06:55 PM, Reindl Harald wrote:
then it is a bug
includes have to make sure that they are NEVER called diretly
especially if they are throwing errors which may lead to a DOS attack by filling the filesystem with logs and if someone as good reportings the mailserver too
We're talking about a script in the /installation/ directory which should be removed after installing Roundcube, which makes the probability of a successful DoS attack significantly smaller...
a bug is a bug
you can hope everbody removes /installation/ or make it secure by design - what do you think is the better choice?
most users of any software still have no knowledge at all this was always so and will not change in the near future