Wednesday, August 24th, 2005

CPAINT Security Flaw: Hold your horses

Category: Editorial

There was a lot of fuss over the CPAINT security flaw:

A security hole in a popular development tool has severe implications for a number of the Internet’s most popular applications, including Gmail, Flickr and MSN Virtual Earth.

This has been taken a little far.

CPAINT has been updated so that the client can no longer pass arbitrary code back to the server to be run through eval(..), and if you look at version 2 you see:

*** Regarding media reports & security advisories, the new version is NOT affected by the bug reported in versions prior to v1.3-SP & v1.3-SP2. And to our knowledge, neither AOL, Google, Microsoft, nor Yahoo is using our code! ***
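To make the point concrete: the class of bug being discussed is a server-side Ajax entry point that builds PHP source out of request parameters and hands it to eval(). The following is an added illustration written for this post, not CPAINT's own code; the handler names (`handler_get_time`, `handler_echo_text`) and the request shape are hypothetical. It shows the defective pattern next to the usual fix, a fixed dispatch table that treats the client's function name and arguments purely as data.

```php
<?php
// Added example, not CPAINT's code. A hypothetical Ajax backend that
// receives a function name plus arguments from the browser.

// --- Defective pattern: request text becomes server-side source code ---
function dispatch_with_eval(string $func, string $argSource): mixed
{
    // Whatever the client sent is now PHP that the server executes.
    return eval("return {$func}({$argSource});");   // never do this
}

// --- Hardened pattern: fixed table of permitted handlers ---
const ALLOWED_HANDLERS = [
    'get_time'  => 'handler_get_time',    // hypothetical handler
    'echo_text' => 'handler_echo_text',   // hypothetical handler
];

function handler_get_time(): string
{
    return gmdate('c');
}

function handler_echo_text(string $text): string
{
    // Output is escaped because it goes straight back into the page.
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

function dispatch_safely(string $func, array $args): mixed
{
    // Only names present in the table can be called; everything else is rejected.
    if (!isset(ALLOWED_HANDLERS[$func])) {
        throw new InvalidArgumentException("unknown function: {$func}");
    }
    // Arguments travel as values, never interpolated into code.
    return call_user_func_array(ALLOWED_HANDLERS[$func], array_values($args));
}

// Constructed request, standing in for what the Ajax client would POST.
$request = ['function' => 'echo_text', 'arguments' => ['<b>hello</b>']];
echo dispatch_safely($request['function'], $request['arguments']), "\n";

// A name outside the table is refused instead of executed.
try {
    dispatch_safely('system', ['id']);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The difference that matters is not that eval() exists in PHP but that request data reaches it; once the function name is a lookup key rather than a code fragment, a client can only choose among the handlers the server already intended to expose.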

I had someone email me saying “Ajax is unsecure!”. *sigh*.

