Re: WebSTAR virtual roots with . in the foldername
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 35383
interpreted = N
texte = > >We just got an unconfirmed report that WebSTAR has trouble with>>virtual domains (folders) which contain periods in them -- two>>folders with the same beginning, like www.fred.com and www.fred.net>>get a little confused at that period. Perhaps it's some internal>>grep thing where period is matched as *any* character.>>>>Anyway, the weird symptom in this case was that WebCatalog would try>>to send out [protect] authentication MIME headers for error 404, but>>for some reason WebSTAR was interfering and *not* passing those out,>>so the effect was that you could get into admin pages without ever>>entering a password (or even being challenged).>>>>Solution: remove the periods from the virtual root folder names.>>Wrong! The solution is to fix the bug in the software.>>First reason why your solution is WRONG - we have hundreds of>thousands of files and folders. All of our virtual domain folders>contain dots -- renaming all our site folders breaks the URL paths we>have given to our clients to view their daily and monthly reports.>We would have to make the change in the name, then change the virtual>domain configuration to reflect the folder changes. And then call our>clients to tell them about the changes.>>Second reason why your solution is WRONG - most clients can barely be>trusted to FTP to their sites to change basic text, having the>ability to defeat the protect tag accidentally by naming a folder>with a period in it is by far the worst security risk one would ever>want to enable.>>I could go on...... but basically, saying we screwed up and our>software has a bug now change the file names on your server and hope>that things are still secure is a horrible solution.>>Please tell me that you are going to address this issue and quickly!Actually, if you read the bug report closely, it's a Web* problem, not a WebCat problem. Besides, you'd have to change one folder name per site and then remap in Web* Admin. If you type really slowly, this would take 1 minute per domain. As for the security risk, they're telling us how to disable a security risk caused by someone else's (Webstar's) mistake. They're not telling us to change things so that it's a greater risk.So, thank you Smith Micro for alerting us to this WebStar bug. Not all of us are on the Web* list and we probably would've only found out about this the hard way.Michael-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
> >We just got an unconfirmed report that WebSTAR has trouble with>>virtual domains (folders) which contain periods in them -- two>>folders with the same beginning, like www.fred.com and www.fred.net>>get a little confused at that period. Perhaps it's some internal>>grep thing where period is matched as *any* character.>>>>Anyway, the weird symptom in this case was that WebCatalog would try>>to send out [protect] authentication MIME headers for error 404, but>>for some reason WebSTAR was interfering and *not* passing those out,>>so the effect was that you could get into admin pages without ever>>entering a password (or even being challenged).>>>>Solution: remove the periods from the virtual root folder names.>>Wrong! The solution is to fix the bug in the software.>>First reason why your solution is WRONG - we have hundreds of>thousands of files and folders. All of our virtual domain folders>contain dots -- renaming all our site folders breaks the URL paths we>have given to our clients to view their daily and monthly reports.>We would have to make the change in the name, then change the virtual>domain configuration to reflect the folder changes. And then call our>clients to tell them about the changes.>>Second reason why your solution is WRONG - most clients can barely be>trusted to FTP to their sites to change basic text, having the>ability to defeat the protect tag accidentally by naming a folder>with a period in it is by far the worst security risk one would ever>want to enable.>>I could go on...... but basically, saying we screwed up and our>software has a bug now change the file names on your server and hope>that things are still secure is a horrible solution.>>Please tell me that you are going to address this issue and quickly!Actually, if you read the bug report closely, it's a Web* problem, not a WebCat problem. Besides, you'd have to change one folder name per site and then remap in Web* Admin. If you type really slowly, this would take 1 minute per domain. As for the security risk, they're telling us how to disable a security risk caused by someone else's (Webstar's) mistake. They're not telling us to change things so that it's a greater risk.So, thank you Smith Micro for alerting us to this WebStar bug. Not all of us are on the Web* list and we probably would've only found out about this the hard way.Michael-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Michael Winston
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
OT:looking for developers with solutions (2000)
[defined]ish (1997)
Adding discount to cart (2000)
system crashes, event log (1997)
carriage returns in data (1997)
Not really WebCat- (1997)
search form problem.. (1997)
Can you help a newbie out? (2000)
[GROUPS] followup (1997)
switching users (1998)
Text data with spaces in them... (1997)
Claris HomePage messes up the code (1997)
WebCat2b12 CGI Mac - [shownext] problem (1997)
printing twice? and fix (1997)
Converting spaces to + in results list (2000)
[encrypt] blues.... (2000)
WebCatalog can't find database (1997)
Shipping charges (1998)
$flushcache causes crash (2000)
looking for developers with solutions (2000)