Re: Security hole in WebCat?
This WebDNA talk-list message is from 1999
It keeps the original formatting.
numero = 24726
interpreted = N
texte =
>Hi Webcats:
>
>Frequently, as I am developing a site using webcat, when I reload a page,
>I get a bunch of garbled content. Normally, this is unreadable text
>characters. However, on occasion, a random email is brought into my web
>browser window.
>
>We are running EIMS on the same server as WebCat. This was particularly
>interesting as the message I saw today was of a very private nature between
>a doctor and a patient.
>
>Why does this happen? Has anyone else noticed this?

I noticed something similar last night that I've been investigating all day:

While working on a page, I was served up the contents of one of my databases. It came across as plain text in my browser window. Hitting reload didn't work and I could only get rid of it by flushing WebStar's data cache (at which point the correct page was displayed).

Something similar happened a few hours ago. Part (but not all) of a database was served to my browser. I'm still investigating, but it's a major security hole. It's like WebCat is getting memory threads mixed up. Unfortunately, I have been unable to reproduce the error on command.

This is with Web* 4.1b17 and WebCat Mac PI b11 (most recent release). More details as I narrow things down (if possible).

Michael
Associated Messages, from the most recent to the oldest:
Michael Winston