Mailing List Archive

Images security flaw...
Hi,

There seems to be a security flaw in the image deletion. It seems
anyone can delete old versions.

So a practical attack becomes possible: just upload a new (junk)
version of an image, and delete the old one.

This is made worse since even sysops can't undo image deletion.

Perhaps deletion of old image versions should be restricted to
sysops?


--
Allan Crossman
a.crossman@blueyonder.co.uk
http://dogma.pwp.blueyonder.co.uk
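
A minimal model of the restriction proposed in the message above, added here as an illustration and not taken from the wiki software or from the post. `ImageHistory`, the `"sysop"` group check and the archive that makes deletion reversible are all hypothetical names and assumptions.

```python
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    pass


@dataclass
class ImageHistory:
    """Hypothetical model of one image: current version plus old versions."""
    current: bytes
    old: list = field(default_factory=list)       # older versions, newest last
    archived: list = field(default_factory=list)  # deleted versions kept for undo

    def upload(self, data: bytes) -> None:
        # Any user may upload; the previous current version becomes an old one.
        self.old.append(self.current)
        self.current = data

    def delete_old(self, index: int, user_groups: set) -> None:
        # Restriction proposed in the post: only sysops may delete old versions.
        if "sysop" not in user_groups:
            raise PermissionDenied("deleting old versions requires sysop")
        # Assumption: move to an archive instead of destroying, so it can be undone.
        self.archived.append(self.old.pop(index))

    def undelete(self, index: int, user_groups: set) -> None:
        if "sysop" not in user_groups:
            raise PermissionDenied("restoring versions requires sysop")
        self.old.append(self.archived.pop(index))


def demo() -> dict:
    img = ImageHistory(current=b"original")   # constructed sample data
    img.upload(b"junk")                       # ordinary user replaces the image
    try:
        img.delete_old(0, {"user"})           # non-sysop deletion is refused
        blocked = False
    except PermissionDenied:
        blocked = True
    img.delete_old(0, {"user", "sysop"})      # sysop deletion goes to the archive
    img.undelete(0, {"sysop"})                # and can be reversed
    return {"blocked": blocked, "old": list(img.old), "archived": list(img.archived)}


if __name__ == "__main__":
    print(demo())
```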