Re: General Server Security Vulnerabilities (was Re: WebObjects App Open To Hackers - [ THE ENGINEER'S REPORT ])
  • Subject: Re: General Server Security Vulnerabilities (was Re: WebObjects App Open To Hackers - [ THE ENGINEER'S REPORT ])
  • From: "Jonathan Fleming" <email@hidden>
  • Date: Wed, 09 Jul 2003 20:44:57 +0100

From: David Neumann <email@hidden>
To: Jonathan Fleming <email@hidden>
CC: email@hidden, email@hidden
Subject: Re: General Server Security Vulnerabilities (was Re: WebObjects App Open To Hackers - [ THE ENGINEER'S REPORT ])
Date: Wed, 9 Jul 2003 12:58:30 -0500


Jonathan

He stated that the person that passed the message on to me was probably
panicking more than was necessary and made more of the situation than was
warranted, but the engineer pointed out that there are holes in the security
of any server.

Is the "Microsoft Engineer" now saying that someone else told him something and he just bought it? Then relayed it to you second-hand? And oh, by the way, here's an obvious fact to fill the silence after a Homer Simpson "Doh!" moment?

No David, you might have missed the original post; the engineer was a friend of the client I was building the site for, and once it was deployed the client, as they do, told friends and his clients that the site was live. When the engineer looked at it he searched around for security violations and reported back to his friend some concerns he had. Only such an alert raised serious alarm bells in the mind of the client, who then got on to me rather irate about the security state of his site.

Basically the fellow had no point whatsoever, has no knowledge of WebObjects,

True, he does not know WebObjects.

Jonathan

likes to spread FUD, and has an affinity for research based on unsubstantiated hearsay. If he doesn't make it as an engineer, he has a future as a "journalist" for CNet News.com.com.com...

d

PS: I'm curious: what ftp clients default in using port 80? Could it be that your friend's special kind of expertise extends beyond WebObjects?



On Wednesday, July 9, 2003, at 08:02 AM, B. W. Fitzpatrick wrote:


"Jonathan Fleming" <email@hidden> writes:
Right then Guys,

I got hold of the Microsoft Engineer that caused this alarm and here is what
he said...


He stated that the person that passed the message on to me was probably
panicking more than was necessary and made more of the situation than was
warranted, but the engineer pointed out that there are holes in the security
of any server. What he was pointing to in particular was that

<snip>

None of these security vulnerabilities are WebObjects specific--they
apply to pretty much any server that is available on the internet.

*sigh*

-Fitz

--
Brian W. Fitzpatrick <email@hidden> http://www.red-bean.com/fitz/


_______________________________________________
WebObjects-dev mailing list
email@hidden
http://www.omnigroup.com/mailman/listinfo/webobjects-dev



