On 01/02/2011 07:36, Amos Jeffries wrote:
Section 6.1 was written 6-8 years ago... I can't say that I fully understand CVE2009-0801... Can you elaborate on the security vulnerability and how it applies to 6.1??The whole of section 6.1 is a major security vulnerability "don't do it!" situation. Read CVE-2009-0801 for an explanation of what malware can do to trivially spread themselves across your whole client base.The currently available Squid do permit it with loud failure warnings in cache.log. We are planning on fully disabling the security hole in the near future.
-- Best Regards, Giles Coochey NetSecSpec Ltd NL T-Systems Mobile: +31 681 265 086 NL Mobile: +31 626 508 131 GIB Mobile: +350 5401 6693 Email/MSN/Live Messenger: giles@xxxxxxxxxxx Skype: gilescoochey
<<attachment: smime.p7s>>
