Re: Major Security Hole

This WebDNA talk-list message is from

1998

It keeps the original formatting. numero = 18846
interpreted = N
texte = >At 16:41 Uhr 13.07.1998, Dan Tryon wrote:>>(::$DATA)>>...It only was valid in the one instance on this machine>>that we were still running Webstar 2.0 on along with Netcloak...>>It does not happen on my development machine with WebStar 2.0 (without>NetCloak), so I don't think it depends on WebCat. Do you let NetCloak>process all files, not just special suffixes - maybe WebCat too?>I suspect NetCloak steps in first, cannot interpret the WebCat tags, but>WebCat does not even see the page...>>Peter>Yes, Peter. I believe you are correct. Webcat no longer processed the filebecause it did not simply end in .tmpl. Netcloak was set to process allfiles so it served it up as if it was html and did not interpret the webDNAtags exposing them to the viewer.Using an older version of WebCat in which the users.db passwords were notencrypted created a greater risk. Perhaps now, I'll take the time tofinally upgrade WebCat. Who knows what else I don't know.Paul _/_/_/_/_/_/_/_/_/_/_/_/|\_\_\_\_\_\_\_\_\_\_\_\_ _/_/_/Paul Uttermohlen, Internet Marketspace, Inc. \_\_\_\_ _/_/_/ mailto:paul@ims1.com - Website Development \_\_\_\_ _/_/_/ Business - _\_\_\_\_\_\_\_\_\_\_ _/_/_/ Real Estate - _\_\_\_\_ _/_/_/Websites - Children _/ _\_\_\__/_/_/_/_/_/_/_/_/_/_/_/_/_/ | \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ Associated Messages, from the most recent to the oldest:

Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998) Re: Major Security Hole (Kenneth Grome 1998) Re: Major Security Hole (Peter Ostry 1998) Re: Major Security Hole (Paul Uttermohlen 1998) Re: Major Security Hole (solution with Welcome) (Peter Ostry 1998) Re: Major Security Hole (Charles Kefauver 1998) Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998) Re: Major Security Hole (PCS Technical Support 1998) Re: Major Security Hole (Peter Ostry 1998) Re: Major Security Hole (Dan Tryon 1998) Re: Major Security Hole (Jim Turney 1998) Re: Major Security Hole (Peter Ostry 1998) Re: Major Security Hole (Paul Uttermohlen 1998) Re: Major Security Hole (Bob Minor 1998) Re: Major Security Hole (Dan Tryon 1998) Re: Major Security Hole (Brian Willson 1998) Re: Major Security Hole (Britt T. 1998) Re: Major Security Hole (Paul Uttermohlen 1998) Re: Major Security Hole (Dave MacLeay 1998) Re: Major Security Hole (Bob Minor 1998) Re: Major Security Hole (Peter Ostry 1998) Re: Major Security Hole (PCS Technical Support 1998) Major Security Hole (Paul Uttermohlen 1998) Re: Major Security Hole IIS NT (Bob Minor 1998) Re: Major Security Hole IIS NT (greg 1998) Re: Major Security Hole IIS NT (Kenneth Grome 1998) Re: Major Security Hole IIS NT (Kenneth Grome 1998) RE: Major Security Hole IIS NT (PCS Technical Support 1998) RE: Major Security Hole IIS NT (Olin 1998) Re: Major Security Hole IIS NT (Bob Minor 1998) Re: Major Security Hole IIS NT (PCS Technical Support 1998) Re: Major Security Hole IIS NT (Bob Minor 1998) Re: Major Security Hole IIS NT (Peter Ostry 1998) Re: Major Security Hole IIS NT (Bob Minor 1998) Re: Major Security Hole IIS NT (Bob Minor 1998) Major Security Hole IIS NT (Bob Minor 1998) Re: Major Security Hole IIS NT (Raymond Hatch 1998) Re: Major Security Hole IIS NT (Raymond Hatch 1998) Re: Major Security Hole IIS NT (Chuck Wall 1998) Re: Major Security Hole IIS NT (Raymond Hatch 1998) Re: Major Security Hole IIS NT (Raymond Hatch 1998) Re: Major Security Hole IIS NT (Raymond Hatch 1998) Re: Major Security Hole IIS NT (Raymond Hatch 1998)

>At 16:41 Uhr 13.07.1998, Dan Tryon wrote:>>(::$DATA)>>...It only was valid in the one instance on this machine>>that we were still running Webstar 2.0 on along with Netcloak...>>It does not happen on my development machine with WebStar 2.0 (without>NetCloak), so I don't think it depends on WebCat. Do you let NetCloak>process all files, not just special suffixes - maybe WebCat too?>I suspect NetCloak steps in first, cannot interpret the WebCat tags, but>WebCat does not even see the page...>>Peter>Yes, Peter. I believe you are correct. Webcat no longer processed the filebecause it did not simply end in .tmpl. Netcloak was set to process allfiles so it served it up as if it was html and did not interpret the webDNAtags exposing them to the viewer.Using an older version of WebCat in which the users.db passwords were notencrypted created a greater risk. Perhaps now, I'll take the time tofinally upgrade WebCat. Who knows what else I don't know.Paul _/_/_/_/_/_/_/_/_/_/_/_/|\_\_\_\_\_\_\_\_\_\_\_\_ _/_/_/Paul Uttermohlen, Internet Marketspace, Inc. \_\_\_\_ _/_/_/ mailto:paul@ims1.com - Website Development \_\_\_\_ _/_/_/ Business - _\_\_\_\_\_\_\_\_\_\_ _/_/_/ Real Estate - _\_\_\_\_ _/_/_/Websites - Children _/ _\_\_\__/_/_/_/_/_/_/_/_/_/_/_/_/_/ | \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ Paul Uttermohlen

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebDNA 5.0 Questions (2003) [protect] (2000) dates and hex formatting (1997) WebCatalog for Postcards ? (1997) For those of you not on the WebCatalog Beta... (1997) thankyou.tmpl (1997) Using [Include] Context (1999) WebCat2 - storing unformatted date data? (1997) Re:Realtime Transaction Processing (1999) New Command prefs ... (1997) Ad Serving Software (2002) Error:Too many nested [xxx] contexts (1997) Re(5): Small Bug: ErrorLog.txt/[FORMVARIABLES]/[ORDERFILE] (1998) Cancel Subscription (1996) Shopping with Accounts (2003) WebCat b13 CGI -shownext- (1997) WebCatalog 3 manual (1998) jpeg upload compression (fixed) (2002) More Applescript (1997) Authorize net down? (2005)