Re: Permissions Ignored - PLEASE HELP
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 47116
interpreted = N
texte = This is actually a fault with the WebDNA installer just as much I think.If you move the Orders/ShoppingCarts directories as we have done to the rootof the site .. Change the preference fromOrders to/OrdersThe standard Apache protection that the installer adds lets this through ..Couple this with directory browsing on and you have a pretty big problem onOSX .. The security in the httpd.conf file could be a lot stronger from WebDNA'spoint of view IMHO .. Like locking off .inc files so they also can't beshown as raw WebDNA in a browser ..We have ours pretty well locked down now if anyone wants a copy of thewebDNA specific stuff ..Alain> Yeah - we know. It would have been funny if it wasn't so serious a breach.> It was simply that directory browsing was turned on I think.> > ----- Original Message -----> From: Alex McCombie
> To: WebCatalog Talk > Sent: Thursday, January 23, 2003 2:16 PM> Subject: Re: Permissions Ignored - PLEASE HELP> > >> On 1/22/03 8:04 PM, Andrew Simpson >> wrote:>> >>> This is the company that both alain and i used to work>>> for. they configured their brand new server wrong after we left... big>>> mistake http://www.nzherald.co.nz/storydisplay.cfm?storyID=2999140>> Seems they wanted to blame someone else...>> =========>> On the other hand, publisher and managing director David Johnson said he>> believed that someone with intimate knowledge of the system had broken the>> site's security, leaving the firm exposed.>> >> You have to have inside knowledge of the site and how it was built.>> >> Johnson said it might have been a set-up where the security was switched>> off. It had to have taken a code to get into the site, to break into our>> secure server.>> =========>> >> >> >> Alex J McCombie New World Media>> Chief Information Officer Drawer 607>> 800/724.8973 Fair Haven, NY 13064>> Alex@NewWorldMedia.com http://OurClients.com>> >> Interface Designer WebDNA Programmer Database Designer>> >> >> >> ------------------------------------------------------------->> This message is sent to you because you are subscribed to>> the mailing list .>> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to> >> Web Archive of this list is at: http://webdna.smithmicro.com/> > > -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to> > Web Archive of this list is at: http://webdna.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
This is actually a fault with the WebDNA installer just as much I think.If you move the Orders/ShoppingCarts directories as we have done to the rootof the site .. Change the preference fromOrders to/OrdersThe standard Apache protection that the installer adds lets this through ..Couple this with directory browsing on and you have a pretty big problem onOSX .. The security in the httpd.conf file could be a lot stronger from WebDNA'spoint of view IMHO .. Like locking off .inc files so they also can't beshown as raw WebDNA in a browser ..We have ours pretty well locked down now if anyone wants a copy of thewebDNA specific stuff ..Alain> Yeah - we know. It would have been funny if it wasn't so serious a breach.> It was simply that directory browsing was turned on I think.> > ----- Original Message -----> From: Alex McCombie > To: WebCatalog Talk > Sent: Thursday, January 23, 2003 2:16 PM> Subject: Re: Permissions Ignored - PLEASE HELP> > >> On 1/22/03 8:04 PM, Andrew Simpson >> wrote:>> >>> This is the company that both alain and i used to work>>> for. they configured their brand new server wrong after we left... big>>> mistake http://www.nzherald.co.nz/storydisplay.cfm?storyID=2999140>> Seems they wanted to blame someone else...>> =========>> On the other hand, publisher and managing director David Johnson said he>> believed that someone with intimate knowledge of the system had broken the>> site's security, leaving the firm exposed.>> >> You have to have inside knowledge of the site and how it was built.>> >> Johnson said it might have been a set-up where the security was switched>> off. It had to have taken a code to get into the site, to break into our>> secure server.>> =========>> >> >> >> Alex J McCombie New World Media>> Chief Information Officer Drawer 607>> 800/724.8973 Fair Haven, NY 13064>> Alex@NewWorldMedia.com http://OurClients.com>> >> Interface Designer WebDNA Programmer Database Designer>> >> >> >> ------------------------------------------------------------->> This message is sent to you because you are subscribed to>> the mailing list .>> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to> >> Web Archive of this list is at: http://webdna.smithmicro.com/> > > -------------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to> > Web Archive of this list is at: http://webdna.smithmicro.com/-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/
Alain Russell
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Re:quit command on NT (1997)
Search in 2 or more catalogs (1997)
IIS4b2 and WebCatalog b19 (1997)
[WebDNA] WebDNA and Google Geo Tagging (2012)
WebCat name recognition (was MacFinder -- a new WebDNA website) (1998)
and more [shipcost].... (2001)
Taget _top (2000)
multiple price line in formula.db (2004)
update problems (2004)
Re2: frames & carts (1997)
WebCommerce: Folder organization ? (1997)
WebCat2 Append problem (B14Macacgi) (1997)
Limit to variables passed on to next tpl? (1998)
[ot] Authorize.Net Resellers (2006)
WebCat hosting sites? (1998)
WebCatalog2 Feature Feedback (1996)
WebCat2b12 - nesting [tags] (1997)
Using Plug-In while running 1.6.1 (1997)
Backwards list behavior ... (1997)
WebDNA Module with Apache 2.2 (2006)