
Re: Web Server Bug



David Douthitt wrote:
> I submitted my GPG key, got an account, signed the CLA, etc.  Then I
> went to change my user details (for group membership) and put
> "Infrastructure" into the box on the bottom (above the dropbox that
> defaults to "user") and the python code blew up.
As far as I can tell, this is the response when the group doesn't exist
(looks like it's case sensitive - you probably wanted "infrastructure").

> One other thing - isn't the error itself a security error?  I mean, it
> gives me Python code, line numbers, procedure names, Python version and
> location, and more.  
I don't think just showing code/non-sensitive debugging information is a
huge security problem.  Consider that the code for the accounts system
is publicly viewable in CVS anyway (hooray for openness):
http://cvs.fedoraproject.org/viewcvs/fedora-accounts/?root=fedora.

As a side note, I think the accounts system is being rewritten, so
hopefully such errors will be treated more gracefully in the future.

Ricky

Attachment: signature.asc
Description: OpenPGP digital signature
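
An added example, not part of the original message and not code from the Fedora accounts system: one way to handle the failure discussed in this thread, where a case-sensitive lookup of a nonexistent group is answered with a short message and any unexpected exception is logged server-side under a reference id instead of being shown as a traceback. The names GROUPS, add_member and handle_request, and the sample data, are hypothetical.

```python
import io
import logging
import uuid

# Constructed sample data; the real group names and storage are not shown on the page.
GROUPS = {"infrastructure": ["ricky"], "user": []}

log_buffer = io.StringIO()          # stands in for a server-side log file
logger = logging.getLogger("accounts_example")
logger.addHandler(logging.StreamHandler(log_buffer))
logger.setLevel(logging.ERROR)
logger.propagate = False


class UnknownGroup(Exception):
    """Raised for a group name that does not exist (an expected user error)."""


def add_member(group, user, groups=GROUPS):
    # Lookup is case sensitive, as in the thread: "Infrastructure" != "infrastructure".
    if group not in groups:
        raise UnknownGroup(group)
    groups[group].append(user)
    return groups[group]


def handle_request(group, user, action=add_member):
    """Return (status, body) and never put a traceback in the body."""
    try:
        action(group, user)
        return 200, "Added %s to %s" % (user, group)
    except UnknownGroup:
        # Expected input error: report it, and hint at a case mismatch using
        # the stored group name rather than echoing the submitted text.
        hint = ""
        matches = [g for g in GROUPS if g.lower() == group.lower()]
        if matches:
            hint = " Did you mean '%s'?" % matches[0]
        return 404, "No such group.%s" % hint
    except Exception:
        # Unexpected bug: full traceback goes to the log, the user gets an id.
        incident = uuid.uuid4().hex[:8]
        logger.exception("incident %s while handling group request", incident)
        return 500, "Internal error, reference %s" % incident
```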

