Ticket #49 (closed defect: fixed)

Opened 20 years ago

Last modified 19 years ago

Exclude build.xml from ANT script in modelglueapplicationtemplate

Reported by: dcarabetta@… Owned by: joe.rinehart
Priority: normal Milestone: 2.0 Beta 1 Bugfixes
Version: Severity: normal
Keywords: Cc:

Description

Just a small thing, but it's a bit of a security hole if somebody were to use the modelglueapplicationtemplate's build.xml file to create a new application because the build.xml file is included in the copy directive. If somebody gets to that file, you could potentially expose your system structure to the public. I modified the build.xml file in that directory to read:

<copy todir="${target}">

<fileset dir="${source}">

<exclude name="build.xml" />

</fileset>

</copy>

Granted, it doesn't solve the remaining hole for when somebody manually copies the whole directory structure, but this eliminates some of the problem.

Change History

Changed 20 years ago by joe.rinehart

  • owner changed from somebody to joe.rinehart
  • milestone changed from Release Public Beta 1 to Resolve Public Beta 1 Defects

Good call, Dave. I'll move the file altogether.

Changed 20 years ago by joe.rinehart

  • status changed from new to assigned

Changed 20 years ago by joe.rinehart

  • status changed from assigned to closed
  • resolution set to fixed

Fixed in [215].

Wow, that's a lot of porn spam.

Note: See TracTickets for help on using tickets.