[SPT/CWIS] wpoison

Cornejo, Luis A. lcornejo at dep.anl.gov
Wed Jun 7 15:14:30 CDT 2006 

Nevermind, my fault, I had renamed them to just one hyphen not too!
O'well...

-Luis-

-----Original Message-----
From: spt-cwis-users-bounces at scout.wisc.edu
[mailto:spt-cwis-users-bounces at scout.wisc.edu] On Behalf Of Cornejo,
Luis A.
Sent: Wednesday, June 07, 2006 3:01 PM
To: SPT / CWIS Users Discussion List
Subject: RE: [SPT/CWIS] wpoison

I have had version 1.1.3, would you consider this early (probably)?

Also, I was trying to upgrade to 1.4.0 but I get the following message:


Unpacking distribution archive...done.
Checking for modified HTML files to preserve during upgrade...md5sum:
SPTUI--CleanOrange/MetadataTool/SPT--MDSideNav.html: No such file or
directory
Use of uninitialized value in string ne at ./sptinstall-1.4.0 line 394,
<INPUT>
line 1.


An error was encountered while attempting to determine file checksums.

I obviously updated a lot html files and don't want to loose
customization. I manually checked for SPT--MDSideNav.html, its there, it
seems that when md5sum does not find that file, no variable is
initialize and a runtime error occurs. Is it possible that 1.1.3 to
1.4.0 upgrade is too big of a version jump? (I wouldn't think so)

-Luis-

-----Original Message-----
From: spt-cwis-users-bounces at scout.wisc.edu
[mailto:spt-cwis-users-bounces at scout.wisc.edu] On Behalf Of Edward
Almasy
Sent: Wednesday, June 07, 2006 2:56 PM
To: SPT / CWIS Users Discussion List
Subject: Re: [SPT/CWIS] wpoison

On Jun 7, 2006, at 2:06 PM, Cornejo, Luis A. wrote:
> To the developers, has SPT been developed with SQL Injection  
> precautions by using stored procedures and callable statements etc?

    Early versions of SPT and CWIS did have a couple of
    SQL-injection-related vulnerabilities, but as far as
    we know all form and URL (GET) input in the current
    version of the software is guarded against injection
    attacks.

    If you're aware of any security vulnerability in SPT
    or CWIS, please let us know ASAP so that it can be
    fixed.

    Ed


---
    Edward Almasy                                      
ealmasy at scout.wisc.edu
    Co-Director                                         1210 W Dayton  
Street
    Internet Scout                                          Madison  
WI 53706
    Computer Sciences Department                        608-262-6606  
(voice)
    University of Wisconsin - Madison                      
608-265-9296 (fax)



_______________________________________________
SPT-CWIS-Users mailing list
SPT-CWIS-Users at scout.wisc.edu
http://scout.wisc.edu/mailman/listinfo/spt-cwis-users

_______________________________________________
SPT-CWIS-Users mailing list
SPT-CWIS-Users at scout.wisc.edu
http://scout.wisc.edu/mailman/listinfo/spt-cwis-users

More information about the SPT-CWIS-Users mailing list