Re: WebObjects App Open To Hackers - So I'm Told
Re: WebObjects App Open To Hackers - So I'm Told
- Subject: Re: WebObjects App Open To Hackers - So I'm Told
- From: Dario Bagatto <email@hidden>
- Date: Fri, 4 Jul 2003 19:22:00 +0200
Hi,
OK guys I hear what you are all saying so i'm going to give you the
address in question live:
http://217.65.164.40/cgi-bin/WebObjects.dll/JandM.woa/1/wa/Terms
Is this address a sucrity issue?
The only thing I found so far is that you have port 56789 open on
which you have a running JavaMonitor.
It's good that you have set a password on JavaMonitor but anyhow if
someone can hack your password he has access to JavaMonitor and could
shut down your application for instance. And as far as I know the
password you enter is transferred in clear text over http.
I would close Port 56789 on the firewall.
Dario
--
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.