Major Security Hole

This WebDNA talk-list message is from 1998. It keeps the original formatting.
Major Security Hole

Earlier this month, Mac Webmasters got a chuckle at the security hole exposed in IIS using that text ::$DATA at the end of a URL for .tpl or .asp, etc.

Cool. It reveals the code that we all thought was hidden because it was processed on the server. The fix was to map .tpl::$DATA to the webcat .dll. Simple enough. It works.

BUT Macs are susceptible to this as well! And you can't, or at least I couldn't, map .tmpl::$DATA to webcatalog. It still reveals the WebDNA tags. NOT good if you are showing and hiding text based on passwords like [showif [password]=3294.bob]. Now it becomes simple to find the once hidden passwords.

Anybody got any ideas?

Anyone know why I can't map .tmpl::$DATA to Webcatalog on Webstar? Maybe the $ is the problem.

Thanks, Paul

Paul Uttermohlen, Internet Marketspace, Inc.
mailto:paul@ims1.com - Website Development
Business - Real Estate - Websites - Children

Associated Messages, from the most recent to the oldest:

    
  1. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  2. Re: Major Security Hole (Kenneth Grome 1998)
  3. Re: Major Security Hole (Peter Ostry 1998)
  4. Re: Major Security Hole (Paul Uttermohlen 1998)
  5. Re: Major Security Hole (solution with Welcome) (Peter Ostry 1998)
  6. Re: Major Security Hole (Charles Kefauver 1998)
  7. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  8. Re: Major Security Hole (PCS Technical Support 1998)
  9. Re: Major Security Hole (Peter Ostry 1998)
  10. Re: Major Security Hole (Dan Tryon 1998)
  11. Re: Major Security Hole (Jim Turney 1998)
  12. Re: Major Security Hole (Peter Ostry 1998)
  13. Re: Major Security Hole (Paul Uttermohlen 1998)
  14. Re: Major Security Hole (Bob Minor 1998)
  15. Re: Major Security Hole (Dan Tryon 1998)
  16. Re: Major Security Hole (Brian Willson 1998)
  17. Re: Major Security Hole (Britt T. 1998)
  18. Re: Major Security Hole (Paul Uttermohlen 1998)
  19. Re: Major Security Hole (Dave MacLeay 1998)
  20. Re: Major Security Hole (Bob Minor 1998)
  21. Re: Major Security Hole (Peter Ostry 1998)
  22. Re: Major Security Hole (PCS Technical Support 1998)
  23. Major Security Hole (Paul Uttermohlen 1998)
  24. Re: Major Security Hole IIS NT (Bob Minor 1998)
  25. Re: Major Security Hole IIS NT (greg 1998)
  26. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  27. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  28. RE: Major Security Hole IIS NT (PCS Technical Support 1998)
  29. RE: Major Security Hole IIS NT (Olin 1998)
  30. Re: Major Security Hole IIS NT (Bob Minor 1998)
  31. Re: Major Security Hole IIS NT (PCS Technical Support 1998)
  32. Re: Major Security Hole IIS NT (Bob Minor 1998)
  33. Re: Major Security Hole IIS NT (Peter Ostry 1998)
  34. Re: Major Security Hole IIS NT (Bob Minor 1998)
  35. Re: Major Security Hole IIS NT (Bob Minor 1998)
  36. Major Security Hole IIS NT (Bob Minor 1998)
  37. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  38. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  39. Re: Major Security Hole IIS NT (Chuck Wall 1998)
  40. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  41. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  42. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  43. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
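
Added example, not part of the original message and not WebDNA, WebSTAR or IIS code: a sketch of why a per-suffix mapping misses a request such as page.tpl::$DATA, next to a check that refuses such names before any handler lookup. It goes slightly beyond the post by also covering percent-encoded colons and trailing dots or spaces; the handler names, the static-extension list and the request paths are assumptions made for illustration.

```python
from urllib.parse import unquote

# Hypothetical suffix tables, modelled on the mapping the post describes (assumed values).
HANDLERS = {".tpl": "webcatalog", ".tmpl": "webcatalog", ".asp": "asp-engine"}
STATIC_OK = {".html", ".gif", ".jpg"}

def _last_segment(url_path):
    # Decode first, so %3A%3A is seen as "::" before any check runs.
    return unquote(url_path).rsplit("/", 1)[-1]

def _suffix(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def naive_handler(url_path):
    """Exact-suffix lookup; anything unmapped falls through and is sent raw."""
    return HANDLERS.get(_suffix(_last_segment(url_path)), "static-file")

def hardened_handler(url_path):
    """Refuse names the filesystem may resolve differently from the suffix table."""
    name = _last_segment(url_path)
    # ':' starts an NTFS stream name; Windows file APIs drop trailing dots and spaces.
    if ":" in name or name != name.rstrip(". "):
        return "reject-400"
    suffix = _suffix(name)
    if suffix in HANDLERS:
        return HANDLERS[suffix]
    # Default-deny: only extensions listed as static content are ever sent raw.
    return "static-file" if suffix in STATIC_OK else "reject-404"

if __name__ == "__main__":
    # Constructed request paths; "/store/page.tpl" is an assumed template location.
    for path in ["/store/page.tpl", "/store/page.tpl::$DATA",
                 "/store/page.tpl%3A%3A$DATA", "/store/page.tmpl.", "/img/logo.gif"]:
        print(f"{path:30} naive={naive_handler(path):12} hardened={hardened_handler(path)}")
```

Rejecting the name outright, rather than adding one more mapping per variant, keeps the decision independent of how the filesystem later interprets the path.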