[ic] Interchange security releases: 5.7.2, 5.6.2, 5.4.4
lists at gmnet.net
Fri Sep 25 06:38:44 UTC 2009
On Sat, 2009-09-19 at 16:49 -0700, Peter wrote:
> On 09/19/2009 04:20 PM, Grant wrote:
> > I hope replying here is alright. I'm trying to figure out if I'm
> > vulnerable to this. I don't use [search-region] or ActionMap at all.
> > Does that exclude me?
> No, you are vulnerable if you use a Standard or Foundation based
> catalog. You are vulnerable if you have a search results page that
> utilizes the Interchange standard search facilities anywhere, even if
> you do not use it. If you think you might be vulnerable you probably
> are. If you think you are not vulnerable then you still probably are.
> I recommend this update for ... pretty much everyone.
Thanks for this update, I have updated all my e-commerce catalogs with
no problems at all except for one that is scheduled to go live on next
Wednesday. The countdown to bringing Montpelier live has started, and
the city is like a mob scene, they will be banging on my door because it
is already really late :)
Anyway, my issue is that I am using lots of new tables that I have build
for "content management" and "social networking" purposes. I am using a
search similar to the "search_box_smnall" and "advancedsearch" for much
of the content, also I am usinig a "swish" search for pdf files. The
tables are somewhat private so I don't want to open them up in the
"AllowRemoteSearch" config directive in catalog.cfg
Are there new ways to use these kinds of searches? Or is there a
temporary work-around that I can do for now?
Thanks again, and please make the mob go away!
This message has been scanned for viruses and
dangerous content by Green Mountain Network, and is
believed to be clean.
More information about the interchange-users