Re: Permissions Ignored - PLEASE HELP

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47116
interpreted = N
texte = This is actually a fault with the WebDNA installer just as much I think. If you move the Orders/ShoppingCarts directories as we have done to the root of the site .. Change the preference from Orders to /OrdersThe standard Apache protection that the installer adds lets this through .. Couple this with directory browsing on and you have a pretty big problem on OSX .. The security in the httpd.conf file could be a lot stronger from WebDNA's point of view IMHO .. Like locking off .inc files so they also can't be shown as raw WebDNA in a browser ..We have ours pretty well locked down now if anyone wants a copy of the webDNA specific stuff ..Alain > Yeah - we know. It would have been funny if it wasn't so serious a breach. > It was simply that directory browsing was turned on I think. > > ----- Original Message ----- > From: Alex McCombie > To: WebCatalog Talk > Sent: Thursday, January 23, 2003 2:16 PM > Subject: Re: Permissions Ignored - PLEASE HELP > > >> On 1/22/03 8:04 PM, Andrew Simpson >> wrote: >> >>> This is the company that both alain and i used to work >>> for. they configured their brand new server wrong after we left... big >>> mistake http://www.nzherald.co.nz/storydisplay.cfm?storyID=2999140 >> Seems they wanted to blame someone else... >> ========= >> On the other hand, publisher and managing director David Johnson said he >> believed that someone with intimate knowledge of the system had broken the >> site's security, leaving the firm exposed. >> >> You have to have inside knowledge of the site and how it was built. >> >> Johnson said it might have been a set-up where the security was switched >> off. It had to have taken a code to get into the site, to break into our >> secure server. >> ========= >> >> >> >> Alex J McCombie New World Media >> Chief Information Officer Drawer 607 >> 800/724.8973 Fair Haven, NY 13064 >> Alex@NewWorldMedia.com http://OurClients.com >> >> Interface Designer WebDNA Programmer Database Designer >> >> >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to > >> Web Archive of this list is at: http://webdna.smithmicro.com/ > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  2. Re: Permissions Ignored - PLEASE HELP (Stuart Tremain 2003)
  3. Re: Permissions Ignored - PLEASE HELP (Gary Krockover 2003)
  4. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  5. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  6. Re: Permissions Ignored - PLEASE HELP (Alex McCombie 2003)
  7. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  8. Re: Permissions Ignored - PLEASE HELP (Kenneth Grome 2003)
  9. Re: Permissions Ignored - PLEASE HELP (Bob Minor 2003)
  10. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  11. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  12. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  13. Re: Permissions Ignored - PLEASE HELP (WJ Starck 2003)
  14. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  15. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  16. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  17. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  18. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  19. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  20. Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
This is actually a fault with the WebDNA installer just as much I think. If you move the Orders/ShoppingCarts directories as we have done to the root of the site .. Change the preference from Orders to /OrdersThe standard Apache protection that the installer adds lets this through .. Couple this with directory browsing on and you have a pretty big problem on OSX .. The security in the httpd.conf file could be a lot stronger from WebDNA's point of view IMHO .. Like locking off .inc files so they also can't be shown as raw WebDNA in a browser ..We have ours pretty well locked down now if anyone wants a copy of the webDNA specific stuff ..Alain > Yeah - we know. It would have been funny if it wasn't so serious a breach. > It was simply that directory browsing was turned on I think. > > ----- Original Message ----- > From: Alex McCombie > To: WebCatalog Talk > Sent: Thursday, January 23, 2003 2:16 PM > Subject: Re: Permissions Ignored - PLEASE HELP > > >> On 1/22/03 8:04 PM, Andrew Simpson >> wrote: >> >>> This is the company that both alain and i used to work >>> for. they configured their brand new server wrong after we left... big >>> mistake http://www.nzherald.co.nz/storydisplay.cfm?storyID=2999140 >> Seems they wanted to blame someone else... >> ========= >> On the other hand, publisher and managing director David Johnson said he >> believed that someone with intimate knowledge of the system had broken the >> site's security, leaving the firm exposed. >> >> You have to have inside knowledge of the site and how it was built. >> >> Johnson said it might have been a set-up where the security was switched >> off. It had to have taken a code to get into the site, to break into our >> secure server. >> ========= >> >> >> >> Alex J McCombie New World Media >> Chief Information Officer Drawer 607 >> 800/724.8973 Fair Haven, NY 13064 >> Alex@NewWorldMedia.com http://OurClients.com >> >> Interface Designer WebDNA Programmer Database Designer >> >> >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to > >> Web Archive of this list is at: http://webdna.smithmicro.com/ > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Alain Russell

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Re:quit command on NT (1997) Search in 2 or more catalogs (1997) IIS4b2 and WebCatalog b19 (1997) [WebDNA] WebDNA and Google Geo Tagging (2012) WebCat name recognition (was MacFinder -- a new WebDNA website) (1998) and more [shipcost].... (2001) Taget _top (2000) multiple price line in formula.db (2004) update problems (2004) Re2: frames & carts (1997) WebCommerce: Folder organization ? (1997) WebCat2 Append problem (B14Macacgi) (1997) Limit to variables passed on to next tpl? (1998) [ot] Authorize.Net Resellers (2006) WebCat hosting sites? (1998) WebCatalog2 Feature Feedback (1996) WebCat2b12 - nesting [tags] (1997) Using Plug-In while running 1.6.1 (1997) Backwards list behavior ... (1997) WebDNA Module with Apache 2.2 (2006)