On Tue, Aug 12, 2008 at 7:32 PM, Simetrical Simetrical+wikilist@gmail.com wrote:
> On Tue, Aug 12, 2008 at 7:17 PM, Chad innocentkiller@gmail.com wrote:
>> This being said, is a major performance impact worth it? How real a threat is this; is it _currently_ being exploited?
>
> That's a pretty poor standard to use. If it's known to be *possible* for someone to steal large numbers of admins' cookies and/or passwords through some phishing scheme, it's of secondary concern whether anyone happens to be doing it at the moment.
>
> Currently it's not possible, just because all ZIP uploads are blocked. This is kind of suboptimally low granularity, is the problem. JAR really has no mandatory distinctive headers or anything?

I more so mean that until it's identified as being a major vulnerability, is taking a major hit to performance an acceptable hit to take?
If this _isn't_ a huge concern, maybe a slower look at a solution that doesn't hit performance as bad could be considered.
I'm not the one to do it, as I'm way in over my head. Just trying to keep an eye on the practical side of it.
-Chad
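
On the granularity question raised in the thread, here is an added example (not part of the original messages and not MediaWiki code) of an upload check that separates plain ZIP archives from JAR-like ones by reading only the archive's central directory. The names `classify_upload` and `make_zip`, the return labels, and the sample data are assumptions made for illustration.

```python
import io
import zipfile

def classify_upload(data: bytes) -> str:
    """Return 'not-zip', 'zip', 'jar-like' or 'zip-unreadable' for a file body."""
    buf = io.BytesIO(data)
    # ZIP readers find the end-of-central-directory record by searching from
    # the END of the file, so checking only the leading magic bytes is not enough.
    if not zipfile.is_zipfile(buf):
        return "not-zip"
    try:
        with zipfile.ZipFile(buf) as zf:
            names = zf.namelist()  # central directory only, nothing is decompressed
    except zipfile.BadZipFile:
        return "zip-unreadable"    # has an end record but will not parse: reject
    for name in names:
        # The manifest is optional in a JAR, so class files are checked as well.
        if name.upper() == "META-INF/MANIFEST.MF" or name.lower().endswith(".class"):
            return "jar-like"
    return "zip"

def make_zip(entries: dict) -> bytes:
    """Build a small in-memory archive (constructed sample data)."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return out.getvalue()

# Constructed samples: none of these come from the thread.
IMAGE_ONLY = b"GIF89a" + b"\x00" * 64
PLAIN_ZIP = make_zip({"notes.txt": "hello"})
JAR_LIKE = make_zip({"META-INF/MANIFEST.MF": "Manifest-Version: 1.0\n",
                     "A.class": b"\xca\xfe\xba\xbe"})
NO_MANIFEST = make_zip({"pkg/B.class": b"\xca\xfe\xba\xbe"})
IMAGE_THEN_ARCHIVE = IMAGE_ONLY + JAR_LIKE  # image-like header, archive at the end

if __name__ == "__main__":
    samples = [("image", IMAGE_ONLY), ("zip", PLAIN_ZIP), ("jar", JAR_LIKE),
               ("no manifest", NO_MANIFEST), ("image+archive", IMAGE_THEN_ARCHIVE)]
    for label, blob in samples:
        print(f"{label:14s} -> {classify_upload(blob)}")
```
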