You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The XMLRPC library has a big warning about allowing dotted attributes:
Warning Enabling the allow_dotted_names option allows intruders to access your module’s global variables and may allow intruders to execute arbitrary code on your machine. Only use this option on a secure, closed network.
But then I see in the code for the dispatcher that you always resolve dotted attributes, potentially creating a security problem without the users knowledge. I think this is pretty grave.
The text was updated successfully, but these errors were encountered:
The XMLRPC library has a big warning about allowing dotted attributes:
But then I see in the code for the dispatcher that you always resolve dotted attributes, potentially creating a security problem without the users knowledge. I think this is pretty grave.
The text was updated successfully, but these errors were encountered: