What is apache doing ? Better be consistent, both sides (log or no log) have
value.
( log - good to know it's happening, no-log - don't want to fill the logs
with garbage if they do it from lots of machines / drones )
Costin
What is
On 10/21/07, Rémy Maucherat <[EMAIL PROTECTED]> wrote:
>
> On Sat, 2007-10-20 at 23:04 -0400, Mark Thomas wrote:
> > The mitigations available are:
> > - - Disable write access until a fixed version is released
> > - - Limit write access to trusted users
> > - - Apply the following patch which will be included in the next
> > releases of 6.0.x, 5.5.x and 4.1.x
>
> Since it's an obvious hacking attempt, I chose to use this method
> instead:
> documentBuilder.setEntityResolver
> (new EntityResolver() {
> public InputSource resolveEntity(String publicId,
> String systemId)
> throws SAXException, IOException {
> return new InputSource(new StringReader(""));
> }
> });
>
> -> no logging, replace with blank text (I was using an ISE right before
> instead of an input source, but there's no real justification)
>
> Rémy
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
