[Chameleon-dev] [Bug 177] [wmsparse] security issue with wmsparse and IIS

bugzilla-daemon at www.maptools.org bugzilla-daemon at www.maptools.org
Mon Nov 8 15:49:45 EST 2004


pspencer at dmsolutions.ca changed:

           What    |Removed                     |Added
         AssignedTo|jfournier at dmsolutions.ca    |dmorissette at dmsolutions.ca

------- Additional Comments From pspencer at dmsolutions.ca  2004-11-08 15:49 -------
ok, so the original issue is valid.  IIS user requires execute privileges on
cmd.exe, which is considered a security issue.  What should be done about this
for version 1.99 and for future versions?  I'd like to see some sort of minimal
fix this time around as this would be an excellent candidate for including in
some sort of php_chameleon module (which won't be done for this version).

Perhaps the cgi model would be the easiest?  Or should it be a documented
limitation of working with IIS?

Reassigning to Daniel for comment on the cgi approach ...

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

More information about the Chameleon-dev mailing list