Re: [WebDNA] path traversal

This WebDNA talk-list message is from

2020


It keeps the original formatting.
numero = 115087
interpreted = N
texte = 2716

It's actually the oldest running eShop for computer hardware in Israel, launched in 1997 with WebCatalog on Mac OS (PowerPC), and 2-3 years ago moved to CentOS and WebDNA enterprise.

The WebDNA runs great with all the ^ and all the other weird stuff and the site is super solid and fast for decades.
And also new code is added all the time for the last 22 years and now this issue is also solved.
No reason to change nothing. Same URLs for 22 years is something Google adores.

Yours,
Yariv

> On 14 Apr 2020, at 12:19, talk@webdna.us wrote:
>
> As far as I know the old (but awesome) e-commerce system is no longer supported.
>
> Every commerce context for that old e-commerce system (orderfile, addlitems, etc) had path parameter options... (so, for example 'file=^').
>
> '^' symbol is the path to the globals directory. (Which is also, I believe, said to be unsupported)
>
> I'd suggest finding a new solution.. but if you are sticking with ancient technology, find a copy of the older docs. Good luck
>
> D. Brooke Mobile
>
>> On Apr 14, 2020, at 2:55 AM, talk@webdna.us wrote:
>>
>> A security friend told me about "path traversal"
>> https://portswigger.net/web-security/file-path-traversal
>>
>> and told me that the idea that the "ShoppingCarts" folder is located usually under a website folder is not a good practice.
>> How do I move the creation of files from the directory under the website folder to be under the Globals so it'll be protected from such kind of attack?
>>
>> I made such directory elsewhere but didn't know how to make WebDNA use it?
>>
>> I use CentOS 7 and
>>
>> Yours,
>>
>> Yariv

---------------------------------------------------------
This message is sent to you because you are subscribed to
the mailing list talk@webdna.us
To unsubscribe, E-mail to: talk-leave@webdna.us
archives: http://www.webdna.us/page.dna?numero=55
Bug Reporting: support@webdna.us

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] path traversal (Donovan Brooke 2020)
  2. Re: [WebDNA] path traversal (Office 2020)
  3. Re: [WebDNA] path traversal (Office 2020)
  4. Re: [WebDNA] path traversal (Stuart Tremain 2020)
  5. Re: [WebDNA] path traversal (Stuart Tremain 2020)
  6. Re: [WebDNA] path traversal (Donovan Brooke 2020)
  7. [WebDNA] path traversal (Yariv Nachshon 2020)
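
The concern raised in the thread, a "ShoppingCarts" folder sitting under the website folder, can be checked from the CentOS shell. The script below is an added example, not part of the original messages and not WebDNA code; the directory names in the demo are constructed, and it assumes GNU `realpath` and `find`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils realpath and find.

# is_under CHILD PARENT: succeed if CHILD resolves to PARENT or below it.
# realpath resolves symlinks and ".." first, so "site/../../data" cannot fool it.
is_under() (
    child=$(realpath -m -- "$1") && parent=$(realpath -m -- "$2") || exit 2
    case "$child/" in
        "${parent%/}"/*) exit 0 ;;
        *) exit 1 ;;
    esac
)

# audit_cart_dir DOCROOT CART_DIR: fail if CART_DIR can be reached via DOCROOT.
audit_cart_dir() (
    docroot=$1 cart=$2
    if is_under "$cart" "$docroot"; then
        echo "exposed: $cart is inside $docroot"
        exit 1
    fi
    # A symlink inside the web root can still publish an outside directory,
    # either by pointing into the cart directory or at one of its parents.
    hits=$(find "$docroot" -type l | while IFS= read -r link; do
        if is_under "$link" "$cart" || is_under "$cart" "$link"; then
            printf '%s\n' "$link"
        fi
    done)
    if [ -n "$hits" ]; then
        echo "exposed: symlink in web root reaches $cart: $hits"
        exit 1
    fi
    echo "ok: $cart is not reachable through $docroot"
)

# Constructed demo tree; real paths would be the site's own.
demo=$(mktemp -d)
mkdir -p "$demo/www/site/ShoppingCarts" "$demo/data/ShoppingCarts"
audit_cart_dir "$demo/www/site" "$demo/www/site/ShoppingCarts" || true
audit_cart_dir "$demo/www/site" "$demo/data/ShoppingCarts"
rm -rf "$demo"
```

The check covers the filesystem only; alias or rewrite directives in the web server configuration that map a URL onto the cart directory are not inspected.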
Office
