Dealing with opml security
There’s been an important fix to close a security hole in the OPML Community. If you have a server running, and if you haven’t modified the code, at the top of the hour it should have updated, and you should have the fix already installed.We’re not documenting the issue or the fix at this time to protect servers that may not yet have the fix installed.
If you’d like to verify that the fix has been installed, jump to opmlCommunityServerSuite.saveFile. There should be a comment at the top of the file dated “11/17/05; 7:12:30 AM by DW”. If it’s there, you have the fix.
Thanks to Phillip Pearson for finding and reporting the problem. I’ve worked with him on previous server projects and his help is always incredibly timely, straight on, and appreciated.
Also a note about making modifications to the code. The same caveats apply as with the workstation code. Changes may get overwritten in updates. Let’s add callbacks where people need them, and parameterize things where needed, so we can avoid difficulties down the road.
How to update
To get the new features you must update both opml.root and newsRiver.root.
1. From the NewsRiver sub-menu of the Tools menu, choose Get Latest Code.
2. From the File menu, choose Update opml.root.
How to use
It’s a new prefs panel.
Choose Preferences from the NewsRiver sub-menu of the Tools menu.
Click on Remote access and security.