Smalltalker trying to hack site

Avi Bryant avi at beta4.com
Mon Feb 3 03:51:10 UTC 2003


On Sun, 2 Feb 2003, Nevin Pratt wrote:

> Note that if you load Seaside 2.x into your image (which I have done),
> as far as I know the 'config' app is still not protected by default.

It is protected, but only with a default password, of course - if you
don't change this you're still vulnerable to those in the know.

Your URLs don't look like someone trying to hack into a Seaside app,
though - pasting bits of Smalltalk code into the URL would *never* do
anything useful.  So I'm not sure about your conclusion that this person
was familiar with Squeak.  As you point out, however, an unsecured Seaside
server does give you pretty complete tools access (which is extremely
useful during development, but definitely wants to be locked down for
deployment).

Avi


