Re: Permissions Ignored - PLEASE HELP

This WebDNA talk-list message is from

2003


It keeps the original formatting.
numero = 47116
interpreted = N
texte = This is actually a fault with the WebDNA installer just as much I think. If you move the Orders/ShoppingCarts directories as we have done to the root of the site .. Change the preference from Orders to /OrdersThe standard Apache protection that the installer adds lets this through .. Couple this with directory browsing on and you have a pretty big problem on OSX .. The security in the httpd.conf file could be a lot stronger from WebDNA's point of view IMHO .. Like locking off .inc files so they also can't be shown as raw WebDNA in a browser ..We have ours pretty well locked down now if anyone wants a copy of the webDNA specific stuff ..Alain > Yeah - we know. It would have been funny if it wasn't so serious a breach. > It was simply that directory browsing was turned on I think. > > ----- Original Message ----- > From: Alex McCombie > To: WebCatalog Talk > Sent: Thursday, January 23, 2003 2:16 PM > Subject: Re: Permissions Ignored - PLEASE HELP > > >> On 1/22/03 8:04 PM, Andrew Simpson >> wrote: >> >>> This is the company that both alain and i used to work >>> for. they configured their brand new server wrong after we left... big >>> mistake http://www.nzherald.co.nz/storydisplay.cfm?storyID=2999140 >> Seems they wanted to blame someone else... >> ========= >> On the other hand, publisher and managing director David Johnson said he >> believed that someone with intimate knowledge of the system had broken the >> site's security, leaving the firm exposed. >> >> You have to have inside knowledge of the site and how it was built. >> >> Johnson said it might have been a set-up where the security was switched >> off. It had to have taken a code to get into the site, to break into our >> secure server. >> ========= >> >> >> >> Alex J McCombie New World Media >> Chief Information Officer Drawer 607 >> 800/724.8973 Fair Haven, NY 13064 >> Alex@NewWorldMedia.com http://OurClients.com >> >> Interface Designer WebDNA Programmer Database Designer >> >> >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to > >> Web Archive of this list is at: http://webdna.smithmicro.com/ > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  2. Re: Permissions Ignored - PLEASE HELP (Stuart Tremain 2003)
  3. Re: Permissions Ignored - PLEASE HELP (Gary Krockover 2003)
  4. Re: Permissions Ignored - PLEASE HELP (Alain Russell 2003)
  5. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  6. Re: Permissions Ignored - PLEASE HELP (Alex McCombie 2003)
  7. Re: Permissions Ignored - PLEASE HELP (Andrew Simpson 2003)
  8. Re: Permissions Ignored - PLEASE HELP (Kenneth Grome 2003)
  9. Re: Permissions Ignored - PLEASE HELP (Bob Minor 2003)
  10. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  11. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  12. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  13. Re: Permissions Ignored - PLEASE HELP (WJ Starck 2003)
  14. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  15. Re: Permissions Ignored - PLEASE HELP (Donovan 2003)
  16. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  17. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  18. Re: Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
  19. Re: Permissions Ignored - PLEASE HELP (John Peacock 2003)
  20. Permissions Ignored - PLEASE HELP (Kimberly D. Walls 2003)
This is actually a fault with the WebDNA installer just as much I think. If you move the Orders/ShoppingCarts directories as we have done to the root of the site .. Change the preference from Orders to /OrdersThe standard Apache protection that the installer adds lets this through .. Couple this with directory browsing on and you have a pretty big problem on OSX .. The security in the httpd.conf file could be a lot stronger from WebDNA's point of view IMHO .. Like locking off .inc files so they also can't be shown as raw WebDNA in a browser ..We have ours pretty well locked down now if anyone wants a copy of the webDNA specific stuff ..Alain > Yeah - we know. It would have been funny if it wasn't so serious a breach. > It was simply that directory browsing was turned on I think. > > ----- Original Message ----- > From: Alex McCombie > To: WebCatalog Talk > Sent: Thursday, January 23, 2003 2:16 PM > Subject: Re: Permissions Ignored - PLEASE HELP > > >> On 1/22/03 8:04 PM, Andrew Simpson >> wrote: >> >>> This is the company that both alain and i used to work >>> for. they configured their brand new server wrong after we left... big >>> mistake http://www.nzherald.co.nz/storydisplay.cfm?storyID=2999140 >> Seems they wanted to blame someone else... >> ========= >> On the other hand, publisher and managing director David Johnson said he >> believed that someone with intimate knowledge of the system had broken the >> site's security, leaving the firm exposed. >> >> You have to have inside knowledge of the site and how it was built. >> >> Johnson said it might have been a set-up where the security was switched >> off. It had to have taken a code to get into the site, to break into our >> secure server. >> ========= >> >> >> >> Alex J McCombie New World Media >> Chief Information Officer Drawer 607 >> 800/724.8973 Fair Haven, NY 13064 >> Alex@NewWorldMedia.com http://OurClients.com >> >> Interface Designer WebDNA Programmer Database Designer >> >> >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to > >> Web Archive of this list is at: http://webdna.smithmicro.com/ > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > > Web Archive of this list is at: http://webdna.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Alain Russell

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[Sum] function? (1997) WebCatalog and directory indexing (1998) Cart ID Duplication (2001) Checkbox question (1997) Separate SSL Server (1997) WCS Newbie question (1997) Replacing a Word (1999) Dynamic PDFs? (2004) WebCat2b15MacPlugin - showing [math] (1997) WC 4.02rc2/WebStar (2001) CSS problem (2000) [isfile] ? (1997) nested showif? (1998) Ruby on Rails (was Looping Search) (2006) 2.0Beta Command Ref (can't find this instruction) (1997) strange [date] behavior (2001) Emailer Problem (2000) [ModDate] & [ModTime] ? (1997) WebCatalog can't find database (1997) RE: Languages (1997)