Re: WidgetSoftware Downloads
This WebDNA talk-list message is from 2003
It keeps the original formatting.
numero = 48191
interpreted = N
texte = Excellent feedback!

I think I've solved this issue by simply adding an index.html with a Forbidden error message into the WebDelivery folder. What do you think? Too simple a security plug?

Again, thank you. Very much appreciated.

MK

On Thursday, February 27, 2003, at 04:51 PM, Michael Davis wrote:

> Marc,
>
> Looks like you've got a good start on this. I have one comment after
> giving it a try. There is still a security issue. Once I entered a
> correct reg key, I was given a form button to download the file. I
> checked the source code and found the directory structure. The server
> has directory indexing turned on, so I was able to browse to other web
> delivery folders and see/download other files there. You could
> probably go a couple directions to solve this. First, turn off
> directory indexing. Another approach would be to do some security
> checking in a tpl file and then either redirect, which is not totally
> secure either, or include the file inside a [returnraw] context.
> [ReturnRaw] will work and is the most secure of the options, but the
> downloaded file will be the name of the tpl file, which can cause
> troubles on the user's end.
>
> Mike

Signed: Marc Kaiwi

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
Associated Messages, from the most recent to the oldest:
marc@kaiwi.com (Marc Kaiwi)
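
The "do the security checking first, then return the file from the handler" option raised in Mike's reply, as an added example in Python rather than WebDNA (it is not code from this thread or from the WebDNA project). The key table, file name, private store and WSGI handler are assumptions made for illustration; the response sets a Content-Disposition header so the saved file carries its real name.

```python
import hmac, os, tempfile
from urllib.parse import parse_qs

# Constructed sample data: a private store outside any web root, one file.
STORE = tempfile.mkdtemp(prefix="delivery_")
with open(os.path.join(STORE, "widget-1.0.zip"), "wb") as fh:
    fh.write(b"constructed sample payload")
# Hypothetical key table: registration key -> the one file it unlocks.
ISSUED_KEYS = {"ABCD-1234-EFGH": "widget-1.0.zip"}


def lookup_file(reg_key):
    """Return the file name a key unlocks, or None (constant-time compare)."""
    match = None
    for known, name in ISSUED_KEYS.items():
        if hmac.compare_digest(known.encode(), reg_key.encode()):
            match = name
    return match


def download_app(environ, start_response):
    """WSGI handler: check the key first, then return the file it maps to."""
    query = parse_qs(environ.get("QUERY_STRING", ""))
    name = lookup_file(query.get("key", [""])[0])
    if name is None:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"Forbidden"]
    # The file name comes from the key table, never from the request, so a
    # client cannot steer the handler to another folder or another file.
    path = os.path.join(STORE, os.path.basename(name))
    with open(path, "rb") as fh:
        body = fh.read()
    start_response("200 OK", [
        ("Content-Type", "application/octet-stream"),
        # Names the saved file after the download, not after the handler.
        ("Content-Disposition", 'attachment; filename="%s"' % name),
        ("Content-Length", str(len(body))),
    ])
    return [body]


def call(query_string):
    """Drive the handler without a server; returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    chunks = download_app({"QUERY_STRING": query_string}, start_response)
    return seen["status"], seen["headers"], b"".join(chunks)
```

Because the store has no URL of its own, there is nothing to browse or guess whether or not directory indexing is on; the handler is the only path to a file.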