The following new message has been posted on Phorm Support Forum at <http://www.phorm.com/support/>. *************************************************************************** MESSAGE: (#3793) Security Hole <http://www.phorm.com/support/?rev=3793> AUTHOR: superwebgirl DATE: March 2, 2004 at 8:31 a.m. EST Hi, I am by NO MEANS an expert in this area, but I did notice that if you do not put an "index.html" file in each of the directories, they are vulnerable to being downloaded. I just tried to hack my own installation, and I was successful. (scary thought that *I* could do it!) :) Just a suggestion that maybe in future releases of Phorm, perhaps an "index.html" should be included in each directory? Also, I'm not quite clear about *why* we don't need to adjust file permissions? I'm used to using Perl, and file permissions are always set when using a Perl script. Wouldn't it be better to limit them as much as possible for security reasons? If so, can you send me a list of the permissions? I would truly appreciate a response from someone (anyone) on this since I am NOT an expert. Thanks! *************************************************************************** This is an automatically-generated notice. If you'd like to be removed from the mailing list, please visit Phorm Support Forum at <http://www.phorm.com/support/>, or send your request to webbbs@xxxxxxxxxx If you wish to respond to this message, please post your response directly to the board. Thank you! ------------------------------------------------- You are receiving this message because you are subscribed to the Phorm mailing list. To send messages to the mailing list, simply send email to phorm@xxxxxxxxxxxxx from the address you have subscribed. You may unsubscribe from the list by sending email to phorm-request@xxxxxxxxxxxxx with 'unsubscribe' in the SUBJECT field.