Re: WebSTAR virtual roots with . in the foldername

This WebDNA talk-list message is from

2000

It keeps the original formatting. numero = 35383
interpreted = N
texte = > >We just got an unconfirmed report that WebSTAR has trouble with>>virtual domains (folders) which contain periods in them -- two>>folders with the same beginning, like www.fred.com and www.fred.net>>get a little confused at that period. Perhaps it's some internal>>grep thing where period is matched as *any* character.>>>>Anyway, the weird symptom in this case was that WebCatalog would try>>to send out [protect] authentication MIME headers for error 404, but>>for some reason WebSTAR was interfering and *not* passing those out,>>so the effect was that you could get into admin pages without ever>>entering a password (or even being challenged).>>>>Solution: remove the periods from the virtual root folder names.>>Wrong! The solution is to fix the bug in the software.>>First reason why your solution is WRONG - we have hundreds of>thousands of files and folders. All of our virtual domain folders>contain dots -- renaming all our site folders breaks the URL paths we>have given to our clients to view their daily and monthly reports.>We would have to make the change in the name, then change the virtual>domain configuration to reflect the folder changes. And then call our>clients to tell them about the changes.>>Second reason why your solution is WRONG - most clients can barely be>trusted to FTP to their sites to change basic text, having the>ability to defeat the protect tag accidentally by naming a folder>with a period in it is by far the worst security risk one would ever>want to enable.>>I could go on...... but basically, saying we screwed up and our>software has a bug now change the file names on your server and hope>that things are still secure is a horrible solution.>>Please tell me that you are going to address this issue and quickly!Actually, if you read the bug report closely, it's a Web* problem, not a WebCat problem. Besides, you'd have to change one folder name per site and then remap in Web* Admin. If you type really slowly, this would take 1 minute per domain. As for the security risk, they're telling us how to disable a security risk caused by someone else's (Webstar's) mistake. They're not telling us to change things so that it's a greater risk.So, thank you Smith Micro for alerting us to this WebStar bug. Not all of us are on the Web* list and we probably would've only found out about this the hard way.Michael-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

Re: WebSTAR virtual roots with . in the foldername (WebDNA Support 2000)
Re: WebSTAR virtual roots with . in the foldername (Michael Winston 2000)
Re: WebSTAR virtual roots with . in the foldername (Paul Uttermohlen 2000)
WebSTAR virtual roots with . in the foldername (WebDNA Support 2000)

> >We just got an unconfirmed report that WebSTAR has trouble with>>virtual domains (folders) which contain periods in them -- two>>folders with the same beginning, like www.fred.com and www.fred.net>>get a little confused at that period. Perhaps it's some internal>>grep thing where period is matched as *any* character.>>>>Anyway, the weird symptom in this case was that WebCatalog would try>>to send out [protect] authentication MIME headers for error 404, but>>for some reason WebSTAR was interfering and *not* passing those out,>>so the effect was that you could get into admin pages without ever>>entering a password (or even being challenged).>>>>Solution: remove the periods from the virtual root folder names.>>Wrong! The solution is to fix the bug in the software.>>First reason why your solution is WRONG - we have hundreds of>thousands of files and folders. All of our virtual domain folders>contain dots -- renaming all our site folders breaks the URL paths we>have given to our clients to view their daily and monthly reports.>We would have to make the change in the name, then change the virtual>domain configuration to reflect the folder changes. And then call our>clients to tell them about the changes.>>Second reason why your solution is WRONG - most clients can barely be>trusted to FTP to their sites to change basic text, having the>ability to defeat the protect tag accidentally by naming a folder>with a period in it is by far the worst security risk one would ever>want to enable.>>I could go on...... but basically, saying we screwed up and our>software has a bug now change the file names on your server and hope>that things are still secure is a horrible solution.>>Please tell me that you are going to address this issue and quickly!Actually, if you read the bug report closely, it's a Web* problem, not a WebCat problem. Besides, you'd have to change one folder name per site and then remap in Web* Admin. If you type really slowly, this would take 1 minute per domain. As for the security risk, they're telling us how to disable a security risk caused by someone else's (Webstar's) mistake. They're not telling us to change things so that it's a greater risk.So, thank you Smith Micro for alerting us to this WebStar bug. Not all of us are on the Web* list and we probably would've only found out about this the hard way.Michael-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Michael Winston

DOWNLOAD WEBDNA NOW!

Re: WebSTAR virtual roots with . in the foldername

2000

Top Articles:

Related Readings: