comment on

In the end I know for a fact that I closed one security hole and I am reasonably sure that I didn't introduce any new problems.

i get the impression that this is a script that the company makes available to the public. if you know for a fact that you closed a security hole, it would logically imply that the version the company is distributing contains a security hole. i think the responsible thing to do would be to publish the vulnerability on bugtraq or some other appropriate forum.

if other people are using it, publishing the vulnerability may encourage them to either remove it from their servers or fix it. it would also perhaps encourage the company to integrate some of your changes and maybe consider being a little nicer to people who send them patches in the future.

anders pearson

In reply to Re: Re: Re: Blackbox implementation, but.... by thraxil
in thread Blackbox implementation, but.... by IndyZ

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


good chemistry is complicated, and a little bit messy -LW
	PerlMonks