Full Disclosure mailing list archives
Re: Credit Card data disclosure in CitrusDB
From: Loptr Chaote <loptr.chaote () gmail com>
Date: Sun, 13 Feb 2005 12:01:20 +0100
On Sat, 12 Feb 2005 23:31:03 +0100, Maximillian Dornseif <dornseif () informatik rwth-aachen de> wrote:
Fix === Update to CitrusDB version 0.3.6 or higher and set the $path_to_ccfile in the configuration to a path not accessible via http
How about NOT using software coded by people without _any_ sense for security as a fix? Seriously, this "bug" is intolerable, even for "beta" software. Who ever the authors, they should never have been put in front of a developer environment.. What's this new wave of idiocy and point-and-click mentality. All of the sudden everyone is a coder? This shows that they have no knowledge of security whatsoever, and THAT is not the kind of people you want writing software to handle credit card information and/or other sensitive data. Am I the only one being stumped here? -LC _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Credit Card data disclosure in CitrusDB Maximillian Dornseif (Feb 12)
- Re: Credit Card data disclosure in CitrusDB Loptr Chaote (Feb 13)
- RE: [lists] Re: Credit Card data disclosure in CitrusDB Curt Purdy (Feb 13)
- RE: [lists] Credit Card data disclosure in CitrusDB Curt Purdy (Feb 13)
- Re: Credit Card data disclosure in CitrusDB ZATAZ (Feb 13)
- Re: Credit Card data disclosure in CitrusDB Thierry Zoller (Feb 13)
- Re: Credit Card data disclosure in CitrusDB ZATAZ (Feb 13)
- Re: Credit Card data disclosure in CitrusDB Thierry Zoller (Feb 13)
- Re: Credit Card data disclosure in CitrusDB Loptr Chaote (Feb 13)