Archive for the tag 'potential'

How to do rpm test install to check potential conflicts.

--test Do not install the package, simply check for and report potential conflicts.

--test Don’t really uninstall anything, just go through the motions. Useful in conjunction with the -vv option for debugging.

Preventing potential cross-site scripting vulnerability

There is a security issue affecting Acrobat Reader version 7.08 and earlier. The flaw lets hackers use a technique known as cross-site scripting, in which they blend malicious JavaScript with a link to a Portable Document Format (PDF) file on a Web site to hijack a user’s computer.

There is a server-wide workaround for those who do not have the latest versions.

1 Search for DefaultType in /usr/local/apache/conf/httpd.conf. After the line "DefaultType text/plain", add:

AddType application/octet-stream .pdf

2 Next, enable mod_headers and check the version of Apache (go to the specified directory):

cd /home/cpapachebuild/buildapache/apache_1.3.37/src/modules/standard
/usr/local/apache/bin/apxs -c mod_headers.c
/usr/local/apache/bin/apxs -i -a -n headers mod_headers.so

3 Search for modsec in /usr/local/apache/conf/httpd.conf and add the following after that line:

<IfModule mod_headers.c>
<FilesMatch "\.pdf$">
Header append Content-Disposition "attachment;"
</FilesMatch>
</IfModule>

4 Restart Apache
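
To confirm the workaround took effect after the restart, the response headers for a PDF can be checked. The script below is an added example, not part of the original post: the function name check_pdf_headers is hypothetical, the sample response is constructed, and in practice the input would come from something like `curl -sI https://example.invalid/file.pdf`.

```shell
#!/bin/sh
# Added example: audit HTTP response headers for the PDF workaround above.
# Reads one raw header block on stdin and returns 0 only if the response
# is served as application/octet-stream AND marked as an attachment.
check_pdf_headers() {
    awk '
        { sub(/\r$/, "") }               # tolerate CRLF line endings
        /^$/ { exit }                    # blank line ends the header block
        {
            i = index($0, ":")
            if (i == 0) next             # status line has no header colon
            name = tolower(substr($0, 1, i - 1))
            val  = tolower(substr($0, i + 1))
            if (name == "content-type") ctype = val
            if (name == "content-disposition") cdisp = cdisp "," val
        }
        END {
            rc = 0
            # Media type is the part before any ";" parameter.
            split(ctype, t, ";"); gsub(/[ \t]/, "", t[1])
            if (t[1] != "application/octet-stream") {
                print "FAIL content-type: " (ctype == "" ? "(missing)" : ctype)
                rc = 1
            }
            # "Header append" can merge into an existing value, so every
            # comma-separated item is inspected for the attachment type.
            found = 0
            n = split(cdisp, d, ",")
            for (k = 1; k <= n; k++) {
                split(d[k], p, ";"); gsub(/[ \t]/, "", p[1])
                if (p[1] == "attachment") found = 1
            }
            if (!found) {
                print "FAIL content-disposition: attachment not set"
                rc = 1
            }
            exit rc
        }
    '
}

# Constructed sample response (not captured from a real server).
printf 'HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\nContent-Disposition: attachment;\r\n\r\n' \
    | check_pdf_headers && echo "PDF workaround headers present"
```

A FAIL line for content-type usually means the AddType line was not picked up; a FAIL for content-disposition usually means mod_headers is not loaded or the FilesMatch block did not match.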