Re: Major Security Hole

This WebDNA talk-list message is from 1998. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  2. Re: Major Security Hole (Kenneth Grome 1998)
  3. Re: Major Security Hole (Peter Ostry 1998)
  4. Re: Major Security Hole (Paul Uttermohlen 1998)
  5. Re: Major Security Hole (solution with Welcome) (Peter Ostry 1998)
  6. Re: Major Security Hole (Charles Kefauver 1998)
  7. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  8. Re: Major Security Hole (PCS Technical Support 1998)
  9. Re: Major Security Hole (Peter Ostry 1998)
  10. Re: Major Security Hole (Dan Tryon 1998)
  11. Re: Major Security Hole (Jim Turney 1998)
  12. Re: Major Security Hole (Peter Ostry 1998)
  13. Re: Major Security Hole (Paul Uttermohlen 1998)
  14. Re: Major Security Hole (Bob Minor 1998)
  15. Re: Major Security Hole (Dan Tryon 1998)
  16. Re: Major Security Hole (Brian Willson 1998)
  17. Re: Major Security Hole (Britt T. 1998)
  18. Re: Major Security Hole (Paul Uttermohlen 1998)
  19. Re: Major Security Hole (Dave MacLeay 1998)
  20. Re: Major Security Hole (Bob Minor 1998)
  21. Re: Major Security Hole (Peter Ostry 1998)
  22. Re: Major Security Hole (PCS Technical Support 1998)
  23. Major Security Hole (Paul Uttermohlen 1998)
  24. Re: Major Security Hole IIS NT (Bob Minor 1998)
  25. Re: Major Security Hole IIS NT (greg 1998)
  26. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  27. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  28. RE: Major Security Hole IIS NT (PCS Technical Support 1998)
  29. RE: Major Security Hole IIS NT (Olin 1998)
  30. Re: Major Security Hole IIS NT (Bob Minor 1998)
  31. Re: Major Security Hole IIS NT (PCS Technical Support 1998)
  32. Re: Major Security Hole IIS NT (Bob Minor 1998)
  33. Re: Major Security Hole IIS NT (Peter Ostry 1998)
  34. Re: Major Security Hole IIS NT (Bob Minor 1998)
  35. Re: Major Security Hole IIS NT (Bob Minor 1998)
  36. Major Security Hole IIS NT (Bob Minor 1998)
  37. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  38. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  39. Re: Major Security Hole IIS NT (Chuck Wall 1998)
  40. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  41. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  42. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  43. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
>Oh crap! I get something similar I can see all of my groups and user
>names but the passwords appear as a string of weird characters. Now I
>don't know if the characters can be interpreted or if it is just garbage.
>I would prefer that nothing gets returned.
>
>I get the user group text string returned if I request:
>
>http://server.com/webcatalog/users.db::$data
>
>I also get the text string returned if I only request:
>
>http://server.com/webcatalog/users.db:
>
>I run a mac - webstar 2.1 and netcloak
>I do NOT allow all webcatalog commands!

Yes, Oh crap! Us, too! Except there was no garbage of any kind to interpret, just straight user, pass, groups data in easily readable text with either of these URLs above modified with our domain name.

We are on WebSTAR 2.1 and WebCat 2.0.1 (no NetCloak but we run DynaMorph, Rumpus Pro, SiteEdit Pro, FlexMail and HomeDoor) and we do not allow all WebCatalog commands either (just the default).

WebCatalog is off line until this is resolved.

Jim Turney
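A log check for the two request forms quoted in the message above, as an added example that is not part of the original post or of WebCatalog: it flags requests whose path ends in a `.db` file name followed by `:` or `::$data` and records whether the server answered with a 2xx status. The Common Log Format layout, the sample lines, and the handling of percent-encoded and mixed-case variants are assumptions that go beyond the two URLs shown.

```python
import re
from collections import namedtuple
from urllib.parse import unquote

Hit = namedtuple("Hit", "client path suffix status served")

# Assumed Common Log Format: client ... "METHOD target PROTOCOL" status size
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A .db file name followed by ':' or '::$data' at the very end of the path.
SUFFIX_RE = re.compile(r'\.db(?P<suffix>::\$data|:)$', re.IGNORECASE)


def decoded_path(target, rounds=3):
    """Drop query/fragment and undo up to `rounds` layers of percent-encoding."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(rounds):
        step = unquote(path)
        if step == path:
            break
        path = step
    return path


def find_db_suffix_requests(lines):
    """Return a Hit for every request for '<name>.db:' or '<name>.db::$data'."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        path = decoded_path(m.group("target"))
        s = SUFFIX_RE.search(path)
        if s:
            status = int(m.group("status"))
            hits.append(Hit(m.group("client"), path, s.group("suffix").lower(),
                            status, 200 <= status < 300))
    return hits


# Constructed sample lines (documentation addresses, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/1998:10:00:00 +0000] "GET /webcatalog/users.db::$data HTTP/1.0" 200 512',
    '192.0.2.10 - - [01/Jan/1998:10:00:05 +0000] "GET /webcatalog/users.db: HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/1998:10:01:00 +0000] "GET /webcatalog/Users.DB%3A%3A%24DATA HTTP/1.0" 403 0',
    '192.0.2.12 - - [01/Jan/1998:10:02:00 +0000] "GET /webcatalog/catalog.tpl?db=users.db HTTP/1.0" 200 2048',
    '192.0.2.13 - - [01/Jan/1998:10:03:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for hit in find_db_suffix_requests(SAMPLE_LOG):
        print(hit)
```

A hit with `served=True` means the server returned content for that request, so the database contents in question should be treated as disclosed.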
