Re: WidgetSoftware Downloads

This WebDNA talk-list message is from 2003.


Excellent feedback!

I think I've solved this issue by simply adding an index.html with a Forbidden error message into the WebDelivery folder. What do you think? Too simple a security plug?

Again, thank you. Very much appreciated.

MK

On Thursday, February 27, 2003, at 04:51 PM, Michael Davis wrote:

> Marc,
> Looks like you've got a good start on this. I have one comment after giving it a try. There is still a security issue. Once I entered a correct reg key, I was given a form button to download the file. I checked the source code and found the directory structure. The server has directory indexing turned on, so I was able to browse to other web delivery folders and see/download other files there. You could probably go a couple directions to solve this. First, turn off directory indexing. Another approach would be to do some security checking in a tpl file and then either redirect, which is not totally secure either, or include the file inside a [returnraw] context. [ReturnRaw] will work and is the most secure of the options, but the downloaded file will be the name of the tpl file, which can cause troubles on the user's end.
>
> Mike

Signed: Marc Kaiwi

Associated Messages, from the most recent to the oldest:

    
  1. Re: WidgetSoftware Downloads (marc@kaiwi.com (Marc Kaiwi) 2003)
  2. Re: WidgetSoftware Downloads (Michael Davis 2003)
  3. WidgetSoftware Downloads (marc@kaiwi.com (Marc Kaiwi) 2003)
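The option described in the quoted reply (check the registration key in server-side code, then return the file's bytes instead of linking into a browsable folder), sketched in Python as an added example; it is not code from the thread or from WebDNA. The key table, file names and function names are constructed, and it assumes the files live in a directory outside the web root; the `Content-Disposition` header gives the download its real name rather than the script's.

```python
import hmac
import tempfile
from pathlib import Path

# Constructed sample data: registration key -> the one file that key is licensed for.
ENTITLEMENTS = {
    "AAAA-1111": "widget-1.0.zip",
    "BBBB-2222": "gadget-2.3.zip",
}

def lookup_entitlement(reg_key, entitlements=ENTITLEMENTS):
    """Return the file name licensed to reg_key, or None if the key is unknown."""
    match = None
    for known, filename in entitlements.items():
        # Constant-time comparison; every key is checked, with no early exit.
        if hmac.compare_digest(known.encode(), reg_key.encode()):
            match = filename
    return match

def serve_download(reg_key, requested, store):
    """Return (status, headers, body). `store` is a directory no URL maps onto."""
    licensed = lookup_entitlement(reg_key)
    # The client-supplied name is only compared, never used to build a path.
    if licensed is None or requested != licensed:
        return 403, {}, b""
    store = Path(store).resolve()
    target = (store / licensed).resolve()
    # Defence in depth: the resolved file must still sit inside the store.
    if store not in target.parents or not target.is_file():
        return 404, {}, b""
    headers = {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{target.name}"',
        "X-Content-Type-Options": "nosniff",
    }
    return 200, headers, target.read_bytes()

def demo():
    """Run four constructed requests against a temporary store."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "widget-1.0.zip").write_bytes(b"widget")
        (Path(d) / "gadget-2.3.zip").write_bytes(b"gadget")
        return [
            serve_download("AAAA-1111", "widget-1.0.zip", d),     # own file
            serve_download("AAAA-1111", "gadget-2.3.zip", d),     # someone else's file
            serve_download("AAAA-1111", "../gadget-2.3.zip", d),  # path trick
            serve_download("nope", "widget-1.0.zip", d),          # unknown key
        ]
```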
