Re: Major Security Hole
This WebDNA talk-list message is from 1998
It keeps the original formatting.
>At 16:41 Uhr 13.07.1998, Dan Tryon wrote:
>>(::$DATA)
>>...It only was valid in the one instance on this machine
>>that we were still running Webstar 2.0 on along with Netcloak...
>
>It does not happen on my development machine with WebStar 2.0 (without
>NetCloak), so I don't think it depends on WebCat. Do you let NetCloak
>process all files, not just special suffixes - maybe WebCat too?
>I suspect NetCloak steps in first, cannot interpret the WebCat tags, but
>WebCat does not even see the page...
>
>Peter
>

Yes, Peter. I believe you are correct. Webcat no longer processed the file
because it did not simply end in .tmpl. Netcloak was set to process all
files so it served it up as if it was html and did not interpret the webDNA
tags exposing them to the viewer.

Using an older version of WebCat in which the users.db passwords were not
encrypted created a greater risk. Perhaps now, I'll take the time to
finally upgrade WebCat. Who knows what else I don't know.

Paul

Paul Uttermohlen, Internet Marketspace, Inc.
mailto:paul@ims1.com - Website Development
Business - Real Estate - Websites - Children
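An added example, not part of the original thread and not WebCatalog or NetCloak code: it models the dispatch described in the message above, where a request that no longer ends in .tmpl misses the template processor and a catch-all processor returns the file unprocessed, next to a deny-by-default dispatcher. The suffix lists, sample paths and function names are assumptions made for illustration.

```python
import re

# Constructed suffix map modelling the setup in the message: one processor
# claims ".tmpl", another is configured as a catch-all for every other file.
TEMPLATE_SUFFIX = ".tmpl"
STATIC_SUFFIXES = {".html", ".htm", ".gif", ".jpg", ".css"}

DIR_SEGMENT = re.compile(r"[A-Za-z0-9_-]+")
# Final segment: a plain name followed by exactly one dotted suffix.
FILE_SEGMENT = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)")

# Constructed sample requests (hypothetical paths).
SAMPLE_PATHS = [
    "/store/catalog.tmpl",
    "/store/catalog.tmpl::$DATA",
    "/store/users.db",
    "/index.html",
]


def dispatch_weak(path: str) -> str:
    """Suffix match on the raw request path, with a catch-all fallback."""
    if path.endswith(TEMPLATE_SUFFIX):
        return "interpret"   # template engine runs; tags never reach the client
    return "serve_raw"       # catch-all returns the file as if it were HTML


def dispatch_strict(path: str) -> str:
    """Validate every segment, then deny anything without a known suffix."""
    segments = [s for s in path.split("/") if s]
    if not segments:
        return "deny"
    if any(DIR_SEGMENT.fullmatch(s) is None for s in segments[:-1]):
        return "deny"
    m = FILE_SEGMENT.fullmatch(segments[-1])
    if m is None:
        return "deny"        # trailing "::$DATA" and other odd characters stop here
    suffix = m.group(1).lower()
    if suffix == TEMPLATE_SUFFIX:
        return "interpret"
    return "serve_raw" if suffix in STATIC_SUFFIXES else "deny"


def audit(paths):
    """Return (path, weak, strict) for requests where the two dispatchers differ."""
    pairs = [(p, dispatch_weak(p), dispatch_strict(p)) for p in paths]
    return [t for t in pairs if t[1] != t[2]]
```

Running `audit(SAMPLE_PATHS)` lists the requests that the catch-all configuration would hand out unprocessed, including the data file.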