Re: WebObjects App Open To Hackers - So I'm Told
Re: WebObjects App Open To Hackers - So I'm Told
- Subject: Re: WebObjects App Open To Hackers - So I'm Told
- From: Hsu <email@hidden>
- Date: Thu, 10 Jul 2003 06:22:35 -0700
It sounds like they think that inside the cgi-bin there is an actual
filesystem path "WebObjects.dll/Murray.woa/1/wa/Terms". There isn't;
everything after the WebObjects.dll is interpreted by the WO
application server itself.
Karl
On Thursday, July 3, 2003, at 10:21 AM, Jonathan Fleming wrote:
Recently I got onto the deployment side of WebObjects and my app is
running nice and fluently, but a Microsoft engineer got word to me
through a mutual friend that my app is fully open to hackers as it
shows the complete path to the cgi-bin through the exposed ip address
eg.:
http://nnn.nn.nnn.nn/cgi-bin/WebObjects.dll/Murray.woa/1/wa/Terms
Aparently with such an exposed address a hacker has everything they
need to get into the source and grab what they like... is this true?
If so how do I overcome this open error. By the way I'm not up on my
serverside stuff very well at all, in fact I'm only just learning it
since deploying with WebObjects so I may need some layman > explanations.
Kind regards
Jonathan :^|
_________________________________________________________________
Find a cheaper internet access deal - choose one to suit you.
http://www.msn.co.uk/internetaccess
_______________________________________________
WebObjects-dev mailing list
email@hidden
http://www.omnigroup.com/mailman/listinfo/webobjects-dev
--
Man was predestined to have free will.
Homepage:
http://homepage.mac.com/khsu/index.html
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.