Web Server Bug

Ricky Zhou ricky at fedoraproject.org
Fri Jun 15 02:59:55 UTC 2007

David Douthitt wrote:
> I submitted my GPG key, got an account, signed the CLA, etc.  Then I
> went to change my user details (for group membership) and put
> "Infrastructure" into the box on the bottom (above the dropbox that
> defaults to "user") and the python code blew up.
As far as I can tell, this is the response when the group doesn't exist
(looks like it's case sensitive- you probably wanted "infrastructure").

> One other thing - isn't the error itself a security error?  I mean, it
> gives me Python code, line numbers, procedure names, Python version and
> location, and more.  
I don't think just showing code/non-sensitive debugging information is a
huge security problem.  Consider that the code for the accounts system
is publicly viewable in CVS anyway (hooray for openness):

As a side note, I think the accounts system is being rewritten so
hopefully, such errors will be treated more gracefully in the future.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20070614/766db909/attachment.sig>

More information about the Fedora-infrastructure-list mailing list