[cobalt-developers] Uneasy with Sausalito
- Subject: [cobalt-developers] Uneasy with Sausalito
- From: vic@xxxxxxx
- Date: Sun Jan 14 15:56:00 2001
- List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>

As I was growing happier with my understanding of the Sausalito
architecture, and showing off to my collaborators, one of them brought
something to my attention that has made me a bit uneasy: the URLs for ALL the
interface are embedded in JavaScript code in the base page for the frameset
of any logged-in user.

You can see for yourselves: just log in as any unprivileged user, click on
view page source (for the main frame page), and there you are, links you
can cut and paste in your browser after the :444. Although it does not
abide by any change you try to make (I have even set up a page to be
displayed in the big center-right frame; the data is sent but produces
lots of errors), it reveals information that is certainly not for public
consumption.

It is not my style to point at an error without giving a solution or, at
least, having investigated. I have not yet discovered what it is, but I'm
mostly sure there is something wrong in the access rights checking in
SiteMap.php; maybe someone at Cobalt can shed some light. It is too late
in my time zone to go on now.

Worried-about-backdoors-ly yours, Vic
-------------------------------------------------------------------------------
G & S Sistemas de Informacion, S.L. | Phones:
Victoriano Giralt | Land line: +34-952-207-048
Chief Consultant and Owner | Mobile: +34-670-332-720
Torre de San Telmo, 8 | Fax: Use e-mail, looks nicer
E-29018 Malaga (Spain) | E-mail: vic@xxxxxxx
Member of ISOC (Andalusian Chapter) | http://www.gssi.es/
-------------------------------------------------------------------------------