Analog: Security warning


Do not use the form interface supplied with versions 2.91 or 3.0 of analog. There is a security hole which could theoretically allow anyone using the form to ask your server for any file on the system.

A well-configured server would not be able to read any really sensitive files, but you probably still don't want outside people reading all the files that the server can read, even if they're available to inside users.

Versions 3.1 and later do not have this bug.

My apologies for any inconvenience caused.


Go to the analog home page.

Stephen Turner
University of Cambridge Statistical Laboratory

Need help with analog? Use the analog-help mailing list.

Page last modified: 08-Jul-00