RE: [cobalt-users] All folders visable on whole server
- Subject: RE: [cobalt-users] All folders visable on whole server
- From: "Carrie Bartkowiak" <admin@xxxxxxxxxxxxxxxxxx>
- Date: Fri Dec 22 03:25:01 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
||>> Could someone just rename the script something like
||>'notadminpro.cgi' and
||>> still run it?
||>
||>Yes, and I had mentioned that in a previous email. However,
||>taken directly
||>from adminpro.cgi:
||>
||>#
||># DO NOT change the name of this script as its performance will
||># be adversely affected. However, you may change the extension
||># to ".pl" if ".cgi" is not supported by your server.
I just caught on to this thread; it's one of the ones that was going on
while my server was puking and I hadn't yet subscribed with my home addy.
I have to tell you, I've changed adminpro's name many times with no adverse
effects whatsoever.
Also, I have installed this for a couple of my clients, but I've hacked it
up a bit... I split the script into two parts. One goes in the user's web
directory in a password protected folder, and the main 'beef' of the script
that says "this is where you're allowed to look and mess with files" goes
into a nice system folder that they can't normally access anyway.
Part one of the script calls part two to find out where it's allowed to
look, then it goes on its merry way. The users can *only* see and change
files in their own domain.
However, this won't stop someone from uploading the script themselves and
doing damage. Should that happen, I'd be mightily pissed... but there's
really nothing we can do about it before it happens.
One thing that Craig could do to discourage would-be drive-by 'hackers' (who
would use this script, anyway), is to charge a $50 fee for it before you
download it. *Most* people will go looking elsewhere. The ones you'd have to
worry about are the ones who would write their own hacking scripts, anyway.
Methinks and hopes that the ones who would use this script would just be
curious and want to read stuff.
As far as reading stuff, I've been on plenty of servers where I could move
right up through the ftp tree until I was at the very root of the server
(/), and I could download stuff and read it. Just couldn't upload anything
or make directories, etc. (Yes, I tried, out of curiosity, not
maliciousness.)
Carrie Bartkowiak
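The two-part split described above (a small front end in the user's password-protected web directory that asks a privileged back end where it is allowed to look) comes down to one check: every requested path has to be mapped onto the account's own directory before a file is read or written. The following is an added illustration in Python and is not the adminpro.cgi code or anything from the thread; the account names, the paths in SITE_ROOTS and the function names are made up for the example. It shows the confinement check that "part one" would apply to the root handed back by "part two", including the '..' hops and symlinks that a plain string comparison would miss.

```python
import os

# Constructed stand-in for "part two": the table that lives in a system
# directory the users cannot reach and says where each account may look.
# Accounts and paths are invented for this example.
SITE_ROOTS = {
    "site1": "/home/sites/site1/web",
    "site2": "/home/sites/site2/web",
}


def allowed_root(account):
    """Part two's job: return the single directory this account may browse,
    or None if the account is unknown."""
    return SITE_ROOTS.get(account)


def confine(root, requested):
    """Part one's check: map a user-supplied path onto the allowed root.

    The request is always treated as relative to the root (a leading '/' is
    dropped), then '..' components and any symlinks are resolved with
    os.path.realpath before comparing. The result is therefore either a
    path inside root, or PermissionError; nothing in between."""
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, requested.lstrip("/")))
    if candidate != real_root and not candidate.startswith(real_root + os.sep):
        raise PermissionError(f"{requested!r} resolves outside {root}")
    return candidate


def resolve_for(account, requested):
    """Front-end entry point: ask part two for the root, then confine."""
    root = allowed_root(account)
    if root is None:
        raise PermissionError(f"no directory configured for account {account!r}")
    return confine(root, requested)


if __name__ == "__main__":
    # Constructed requests a file manager might receive from a browser.
    for account, req in [
        ("site1", "docs/../index.html"),      # stays inside site1's tree
        ("site1", "/index.html"),             # absolute path, still relative to root
        ("site1", "../site2/web/index.html"), # hop into another account: refused
        ("site1", "../../../etc/passwd"),     # hop to the server root: refused
        ("nobody", "index.html"),             # unknown account: refused
    ]:
        try:
            print(f"{account:6} {req:28} -> {resolve_for(account, req)}")
        except PermissionError as err:
            print(f"{account:6} {req:28} -> refused ({err})")
```

Two points for anyone adapting this to a real server. The root itself must be owned by the system, not by the account, otherwise the user can replace it with a symlink and realpath will faithfully follow it out of the tree; and the check only constrains the script's own file handling, so, as the post says, it does nothing against a copy of an unrestricted script uploaded by the user, which is an argument for keeping CGI execution out of user-writable directories.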