Re: No watch commands work with pserver 1.11.1p1 & 1.11.2
From: Gary L. Hennigan
Subject: Re: No watch commands work with pserver 1.11.1p1 & 1.11.2
Date: Mon, 06 May 2002 08:58:10 -0600
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
larry.jones@sdrc.com (Larry Jones) writes:
> Gary Hennigan writes:
> >
> > Personally, I've fixed my local copy by doing away with the "if" block
> > starting at server.c:2657 and ending at server.c:2666, as it seems
> > redundant since the client has already verified that the command is
> > a legal command.
>
> That means that you're trusting the client, which isn't a very good idea
> from a security perspective. The right fix is to change the command
> name passed into do_cvs_command to "watch" in all four cases. I've
> checked in a fix.
Thanks for the right fix, Larry, and for the quick response.
Gary