Re: WebCatalog security on NT
This WebDNA talk-list message is from 2000
It keeps the original formatting.
> >Hi,
> >
> >I would like to suggest a customer to offer webcat, on their NT web
> >hosting systems.
> >
> >I have seen some posts from Ken, and I know that is the case on a
> >Mac, that somebody with upload capabilities, could possibly cause *a
> >lot* of trouble, deleting files, running AppleScripts, messing with
> >the TCPSend command, and so on
> >
> >The customer offers web hosting services, with virtual domains, on
> >an NT box.
> >
> >Can webcat be told to run only in certain folders?
>
>No, that's the major problem preventing it from being a secure
>hosting tool. Webcat on NT can run DOS commands/scripts, so nothing
>is safe on NT, just like nothing is safe on Macintosh. Even without
>AppleScript/DOS contexts, webcat's ability to navigate the folder
>hierarchy with its standard features puts other sites in danger of
>being hacked quite easily.

Thanks Ken,

That was a pretty fast response...

So I assume that since people *do* host sites on NT, they still must have devised a method of doing that... What are the prevention steps that could be taken to have a somewhat secure hosting?

The same hosting box runs ColdFusion. Could ColdFusion navigate folder hierarchy, like webcat? Because if that's the case, I could suggest disabling the DOS commands, and then it would be posing the same risk as CF.

Serban
Serban Constantinescu