Guys,
I've been poking around a Qube2 and I'm a bit concerned about the lack of
security or how vulnerable the SMB shares are due to the web service.
It may not be likely, but a web browser can gain read access to files in
a group share (i.e /home/groups/groupname/) without having to supply a
username and password if the name of a subdirectory is known or almost
any file if index.html is not present as the web server returns the index
for the directory.
Am I missing something here?
Is there a config option to change the behaviour of the web server such
that it will NOT return an index when the default page (index.html) is
not present?
What is the scope of a .htaccess file? Does it control access to just
the directory its in, or subdirectories as well?
Is it possible to simply enble/disable web access to group directories on
a case by case basis (e.g on for /home/groups/home/ and
/home/groups/intranet/, off for all other groups)?
Cheers, Malcolm
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Information Alchemy Pty Ltd
ACN 089 239 305
Canberra, Australia
Malcolm McLeary Mobile: 0412 636 086
Managing Director Email: mim@xxxxxxxxxx
This message was sent using Claris Emailer 2.0v3 for Macintosh.
Sun Cobalt and other Linux administration by Zeffie
A Sun Cobalt and Linux Specialist Since 1999
Sun Cobalt Repairs, Development, and Maintenance.
Home of the Worlds Largest Collection of Sun Cobalt Updates!
Sun Cobalt Spam Filter, Security, Firewall, Anti Virus Products.
734-454-9117 US Toll Free 800-231-4459
Copyright 2009 by Electronic Consultants Inc.