[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] CGIWrap Problems Solved

Subject: RE: [cobalt-users] CGIWrap Problems Solved
From: "Dan Kriwitsky" <webhosting@xxxxxxxxx>
Date: Sun Nov 25 03:47:01 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> So instead you threw out all your security.
>
> I lsure hope you're using a carefully written Bulletin Board; you've
> just given the world "write" access to the user the program runs on.
> And you've given the world the source code to the program as well, so
> they can look for holes.
>

I proved that to a friend when I ran the HTML code from a bulletin board on
my desktop and was able to post to his bulletin board without registering as
a user on his supposedly secure bulletin board that was storing your email
address in the HTML after you signed up. I just copied the HTML, changed the
email address in the code to something else, and posted from my desktop.
CHMOD 777 is great for that. ;-)
--
Dan Kriwitsky

References:
- Re: [cobalt-users] CGIWrap Problems Solved
  - From: Jeff Lasman

Prev by Date: RE: [cobalt-users] 4R - Web Redirection OT
Next by Date: RE: [cobalt-users] Neomail + SSL + RAQ2
Previous by thread: Re: [cobalt-users] CGIWrap Problems Solved
Next by thread: Re: [cobalt-users] sub domain - without www

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index