Changes between Initial Version and Version 1 of Ticket #1665, comment 4
- Timestamp:
- 2012-01-25T05:15:29Z (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #1665, comment 4
initial v1 2 2 3 3 Users can upload arbitrary content (such as by a {{{PUT /uri}}} request), so any accounting based on the gateway's identity cannot distinguish between users. (I am not familiar with the work on accounting. This vulnerability may soon be moot.) 4 5 '''Workaround''': Blocking non-{{{GET}}} requests is sufficient to prevent content upload or modification.
