Re: Major Security Hole

This WebDNA talk-list message is from

1998


It keeps the original formatting.
numero = 18832
interpreted = N
texte = >I run a mac - webstar 2.1 and netcloak >I do NOT allow all webcatalog commands!>Yes, Oh crap! Us, too! Except there was no garbage of any kind to >interpret, just straight user, pass, groups data in easily readable text >with either of these URLs above modified with our domain name. > >We are on WebSTAR 2.1 and WebCat 2.0.1 (no NetCloak but we run DynaMorph, >Rumpus Pro, SiteEdit Pro, FlexMail and HomeDoor) and we do not allow all >WebCatalog commands either (just the default). > >WebCatalog is off line until this is resolved. According to the recent mails, the problem has something to do with NetCloak or similar tools.If it is not possible to parse the URL for :: and DATA with any of the mentioned tools, I can install NetCloak on my machine and - if I am able to reproduce the problem - try to write a short, compiled 4D application (acgi) which you set up as a preprocessor (assuming you haven't one yet). Needs about 3 MB RAM and redirects to an error page (put nasty stuff on it...) Much of memory, yes, but you won't see a remarkable delay in speed. If the characters in question are not in the URL it simply does nothing. No licence fee. Of course, I have to check it first and it sounds somehow overdone - but could help until the problem gets fixed otherwise. Send me a short private reply if you want me to try it (po@ostry.com)Or ask Andreas Pardeike if you can set up his Welcome Plugin to check the special URL. Could work if you run WebStar and no additional multi-domain software. http://welcome.comcon.de email: pardeike@comcon.de Peter__________________________________________ Peter Ostry - po@ostry.com - www.ostry.com Ostry & Partner - Ostry Internet Solutions Auhofstrasse 29 A-1130 Vienna Austria fon ++43-1-8777454 fax ++43-1-8777454-21 Associated Messages, from the most recent to the oldest:

    
  1. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  2. Re: Major Security Hole (Kenneth Grome 1998)
  3. Re: Major Security Hole (Peter Ostry 1998)
  4. Re: Major Security Hole (Paul Uttermohlen 1998)
  5. Re: Major Security Hole (solution with Welcome) (Peter Ostry 1998)
  6. Re: Major Security Hole (Charles Kefauver 1998)
  7. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  8. Re: Major Security Hole (PCS Technical Support 1998)
  9. Re: Major Security Hole (Peter Ostry 1998)
  10. Re: Major Security Hole (Dan Tryon 1998)
  11. Re: Major Security Hole (Jim Turney 1998)
  12. Re: Major Security Hole (Peter Ostry 1998)
  13. Re: Major Security Hole (Paul Uttermohlen 1998)
  14. Re: Major Security Hole (Bob Minor 1998)
  15. Re: Major Security Hole (Dan Tryon 1998)
  16. Re: Major Security Hole (Brian Willson 1998)
  17. Re: Major Security Hole (Britt T. 1998)
  18. Re: Major Security Hole (Paul Uttermohlen 1998)
  19. Re: Major Security Hole (Dave MacLeay 1998)
  20. Re: Major Security Hole (Bob Minor 1998)
  21. Re: Major Security Hole (Peter Ostry 1998)
  22. Re: Major Security Hole (PCS Technical Support 1998)
  23. Major Security Hole (Paul Uttermohlen 1998)
  24. Re: Major Security Hole IIS NT (Bob Minor 1998)
  25. Re: Major Security Hole IIS NT (greg 1998)
  26. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  27. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  28. RE: Major Security Hole IIS NT (PCS Technical Support 1998)
  29. RE: Major Security Hole IIS NT (Olin 1998)
  30. Re: Major Security Hole IIS NT (Bob Minor 1998)
  31. Re: Major Security Hole IIS NT (PCS Technical Support 1998)
  32. Re: Major Security Hole IIS NT (Bob Minor 1998)
  33. Re: Major Security Hole IIS NT (Peter Ostry 1998)
  34. Re: Major Security Hole IIS NT (Bob Minor 1998)
  35. Re: Major Security Hole IIS NT (Bob Minor 1998)
  36. Major Security Hole IIS NT (Bob Minor 1998)
  37. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  38. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  39. Re: Major Security Hole IIS NT (Chuck Wall 1998)
  40. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  41. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  42. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  43. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
>I run a mac - webstar 2.1 and netcloak >I do NOT allow all webcatalog commands!>Yes, Oh crap! Us, too! Except there was no garbage of any kind to >interpret, just straight user, pass, groups data in easily readable text >with either of these URLs above modified with our domain name. > >We are on WebSTAR 2.1 and WebCat 2.0.1 (no NetCloak but we run DynaMorph, >Rumpus Pro, SiteEdit Pro, FlexMail and HomeDoor) and we do not allow all >WebCatalog commands either (just the default). > >WebCatalog is off line until this is resolved. According to the recent mails, the problem has something to do with NetCloak or similar tools.If it is not possible to parse the URL for :: and DATA with any of the mentioned tools, I can install NetCloak on my machine and - if I am able to reproduce the problem - try to write a short, compiled 4D application (acgi) which you set up as a preprocessor (assuming you haven't one yet). Needs about 3 MB RAM and redirects to an error page (put nasty stuff on it...) Much of memory, yes, but you won't see a remarkable delay in speed. If the characters in question are not in the URL it simply does nothing. No licence fee. Of course, I have to check it first and it sounds somehow overdone - but could help until the problem gets fixed otherwise. Send me a short private reply if you want me to try it (po@ostry.com)Or ask Andreas Pardeike if you can set up his Welcome Plugin to check the special URL. Could work if you run WebStar and no additional multi-domain software. http://welcome.comcon.de email: pardeike@comcon.de Peter__________________________________________ Peter Ostry - po@ostry.com - www.ostry.com Ostry & Partner - Ostry Internet Solutions Auhofstrasse 29 A-1130 Vienna Austria fon ++43-1-8777454 fax ++43-1-8777454-21 Peter Ostry

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Not really WebCat (1997) WebCat2b15MacPlugin - showing [math] (1997) multiple search commands (1997) Almost a there but..bye bye NetCloak (1997) Erotic Sites (1997) Re:my First Ship table (1998) Problems with [Search] param - Mac Plugin b15 (1997) Separate SSL Server (1997) Writefile doesn't work, which permissions to use? (2005) Execute Applescript (1997) File Uploads... (1997) WebCatalog 2.0 b 15 mac (1997) quantity minimum problem (1997) Running _every_ page through WebCat-error.html (1997) E-Mail Preferences in Admin Folder (1997) WebDNA 4.5.1 Now Available (2003) Function basic question (2006) Separate SSL Server (1997) math problems (2000) Mondo amounts of Mail [long] (1999)