Re: [WebDNA] path traversal
This WebDNA talk-list message is from 2020
It keeps the original formatting.
numero = 115085
interpreted = N
texte =
You can always use [orderfile file=^secretfolder/[cart]]

Regards

Stuart Tremain
Pharoah Lane Software
Suite 16, 20 Burlington Street
Crows Nest NSW 2065
AUSTRALIA
+612 8971 4431

> On 14 Apr 2020, at 5:56 pm, talk@webdna.us wrote:
>
> A security friend told me about “path traversal”
> https://portswigger.net/web-security/file-path-traversal
>
> and told me that the idea that the “ShoppingCarts” folder is located usually under a website folder is not a good practice.
> How do I move the creation of files from the directory under the website folder to be under the Globals so it’ll be protected from such kind of attack?
>
> I made such directory elsewhere but didn’t know how to make WebDNA use it?
>
> I use CentOS 7 and
>
> Yours,
>
> Yariv
> ---------------------------------------------------------
> This message is sent to you because you are subscribed to
> the mailing list talk@webdna.us
> To unsubscribe, E-mail to: talk-leave@webdna.us
> archives: http://www.webdna.us/page.dna?numero=55
> Bug Reporting: support@webdna.us
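Added example, not part of the original thread and not WebDNA code: keeping cart files outside the web root stops them being fetched directly by URL, but when the file name is built from a request-supplied cart value, that value still has to be constrained to the cart folder. The sketch below shows that check in Python; the directory path, the identifier format and all function names are assumptions made for illustration.

```python
import re
from pathlib import Path

# Hypothetical private directory outside the web root (not from the thread).
CART_DIR = Path("/var/webdna-private/ShoppingCarts")

# Assumption: cart identifiers are short alphanumeric tokens.
CART_ID_RE = re.compile(r"[A-Za-z0-9]{1,64}")


class UnsafeCartPath(ValueError):
    """Raised when a cart identifier would resolve outside the cart directory."""


def cart_file(cart_id: str, base: Path = CART_DIR) -> Path:
    """Map a request-supplied cart identifier to a file directly inside base."""
    # 1. Allow-list the identifier: no separators, dots, NULs or URL encodings.
    if not CART_ID_RE.fullmatch(cart_id):
        raise UnsafeCartPath(f"rejected cart id: {cart_id!r}")
    # 2. Defence in depth: resolve symlinks and confirm the result is still
    #    a direct child of the cart directory.
    base_real = base.resolve()
    candidate = (base_real / cart_id).resolve()
    if candidate.parent != base_real:
        raise UnsafeCartPath(f"escapes cart directory: {cart_id!r}")
    return candidate


def check_all(samples, base: Path = CART_DIR):
    """Return {sample: True if accepted, False if rejected}."""
    results = {}
    for sample in samples:
        try:
            cart_file(sample, base)
            results[sample] = True
        except UnsafeCartPath:
            results[sample] = False
    return results


if __name__ == "__main__":
    # Constructed sample identifiers, not taken from the thread.
    constructed = ["A1B2C3D4", "../../etc/passwd", "..", "a/b", "cart%2e%2e"]
    for cid, ok in check_all(constructed).items():
        print(f"{cid!r:24} {'accepted' if ok else 'rejected'}")
```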
Associated Messages, from the most recent to the oldest:
Stuart Tremain