Re: WebObjects App Open To Hackers - So I'm Told
Re: WebObjects App Open To Hackers - So I'm Told
- Subject: Re: WebObjects App Open To Hackers - So I'm Told
- From: Alan Ward <email@hidden>
- Date: Thu, 3 Jul 2003 10:48:02 -0700
Does that same Microsoft engineer keep his credit card details in
Passport? ;-)
Actually I have no idea what he's referring to. Why would advertising
the relative path
from your DocRoot to cgi-bin be a security risk? Enlighten me someone!
Alan
On Thursday, July 3, 2003, at 10:21 AM, Jonathan Fleming wrote:
Recently I got onto the deployment side of WebObjects and my app is
running nice and fluently, but a Microsoft engineer got word to me
through a mutual friend that my app is fully open to hackers as it
shows the complete path to the cgi-bin through the exposed ip address
eg.:
http://nnn.nn.nnn.nn/cgi-bin/WebObjects.dll/Murray.woa/1/wa/Terms
Aparently with such an exposed address a hacker has everything they
need to get into the source and grab what they like... is this true?
If so how do I overcome this open error. By the way I'm not up on my
serverside stuff very well at all, in fact I'm only just learning it
since deploying with WebObjects so I may need some layman > explanations.
Kind regards
Jonathan :^|
_________________________________________________________________
Find a cheaper internet access deal - choose one to suit you.
http://www.msn.co.uk/internetaccess
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.