Re: Major Security Hole

This WebDNA talk-list message is from 1998. It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  2. Re: Major Security Hole (Kenneth Grome 1998)
  3. Re: Major Security Hole (Peter Ostry 1998)
  4. Re: Major Security Hole (Paul Uttermohlen 1998)
  5. Re: Major Security Hole (solution with Welcome) (Peter Ostry 1998)
  6. Re: Major Security Hole (Charles Kefauver 1998)
  7. Re: Major Security Hole (solution with Welcome) (Andreas Pardeike 1998)
  8. Re: Major Security Hole (PCS Technical Support 1998)
  9. Re: Major Security Hole (Peter Ostry 1998)
  10. Re: Major Security Hole (Dan Tryon 1998)
  11. Re: Major Security Hole (Jim Turney 1998)
  12. Re: Major Security Hole (Peter Ostry 1998)
  13. Re: Major Security Hole (Paul Uttermohlen 1998)
  14. Re: Major Security Hole (Bob Minor 1998)
  15. Re: Major Security Hole (Dan Tryon 1998)
  16. Re: Major Security Hole (Brian Willson 1998)
  17. Re: Major Security Hole (Britt T. 1998)
  18. Re: Major Security Hole (Paul Uttermohlen 1998)
  19. Re: Major Security Hole (Dave MacLeay 1998)
  20. Re: Major Security Hole (Bob Minor 1998)
  21. Re: Major Security Hole (Peter Ostry 1998)
  22. Re: Major Security Hole (PCS Technical Support 1998)
  23. Major Security Hole (Paul Uttermohlen 1998)
  24. Re: Major Security Hole IIS NT (Bob Minor 1998)
  25. Re: Major Security Hole IIS NT (greg 1998)
  26. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  27. Re: Major Security Hole IIS NT (Kenneth Grome 1998)
  28. RE: Major Security Hole IIS NT (PCS Technical Support 1998)
  29. RE: Major Security Hole IIS NT (Olin 1998)
  30. Re: Major Security Hole IIS NT (Bob Minor 1998)
  31. Re: Major Security Hole IIS NT (PCS Technical Support 1998)
  32. Re: Major Security Hole IIS NT (Bob Minor 1998)
  33. Re: Major Security Hole IIS NT (Peter Ostry 1998)
  34. Re: Major Security Hole IIS NT (Bob Minor 1998)
  35. Re: Major Security Hole IIS NT (Bob Minor 1998)
  36. Major Security Hole IIS NT (Bob Minor 1998)
  37. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  38. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  39. Re: Major Security Hole IIS NT (Chuck Wall 1998)
  40. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  41. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  42. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
  43. Re: Major Security Hole IIS NT (Raymond Hatch 1998)
>Oh crap! I get something similar I can see all of my groups and user
>names but the passwords appear as a string of weird characters. Now I
>don't know if the characters can be interpreted or if it is just garbage.
>I would prefer that nothing gets returned.
>
>I get the user group text string returned if I request:
>
>http://server.com/webcatalog/users.db::$data
>
>I also get the text string returned if I only request:
>
>http://server.com/webcatalog/users.db:
>
>I run a mac - webstar 2.1 and netcloak
>I do NOT allow all webcatalog commands!

Yes, Oh crap! Us, too! Except there was no garbage of any kind to interpret, just straight user, pass, groups data in easily readable text with either of these URLs above modified with our domain name.

We are on WebSTAR 2.1 and WebCat 2.0.1 (no NetCloak but we run DynaMorph, Rumpus Pro, SiteEdit Pro, FlexMail and HomeDoor) and we do not allow all WebCatalog commands either (just the default).

WebCatalog is off line until this is resolved.

Jim Turney
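A log check for the two request forms quoted in the message above, as an added example that is not part of the original post: it flags any request whose path, after percent-decoding, contains a colon or names a `.db` file directly, and separates out those the server answered with 200. The log lines are constructed, and the function names, the Common Log Format layout and the rule that no legitimate path on the site contains a colon are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); clients and times are illustrative.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jul/1998:10:00:01 -0500] "GET /webcatalog/users.db::$data HTTP/1.0" 200 2048
192.0.2.10 - - [01/Jul/1998:10:00:05 -0500] "GET /webcatalog/users.db: HTTP/1.0" 200 2048
192.0.2.11 - - [01/Jul/1998:10:01:00 -0500] "GET /webcatalog/users.db%3A%3A%24DATA HTTP/1.0" 200 2048
192.0.2.12 - - [01/Jul/1998:10:02:00 -0500] "GET /webcatalog/search.tpl?name=a:b HTTP/1.0" 200 512
192.0.2.13 - - [01/Jul/1998:10:03:00 -0500] "GET /webcatalog/users.db HTTP/1.0" 403 0
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')
DB_SUFFIXES = (".db",)  # assumption: data files use this extension, as in the post

def classify_path(raw_target):
    """Return a reason string if the request path should be refused, else None."""
    path = raw_target.split("?", 1)[0]  # colons in the query string are not the issue
    for _ in range(3):  # decode repeatedly so double encoding cannot hide a colon
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    lowered = path.lower()
    if ":" in lowered:  # assumption: no legitimate path on this site contains a colon
        return "colon in path"
    if lowered.endswith(DB_SUFFIXES):
        return "direct database file request"
    return None

def scan(log_text):
    """Return (client, target, status, reason) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, target, status, _size = m.groups()
        reason = classify_path(target)
        if reason:
            findings.append((client, target, int(status), reason))
    return findings

def exposed(findings):
    """Findings the server answered with 200, i.e. file contents were likely returned."""
    return [f for f in findings if f[2] == 200]

if __name__ == "__main__":
    for finding in exposed(scan(SAMPLE_LOG)):
        print(finding)
```

The same `classify_path` rule can sit in front of the server as a request filter, so that these paths are refused rather than only reported afterwards.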
