
Re: [cobalt-users] Everyone can view all users (RAQ5)



Thanks !


Regards,
Eivind Ravndal
NetPower Int

----- Original Message ----- 
From: "Bob Noordam" <bno@xxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, September 02, 2003 4:13 PM
Subject: RE: [cobalt-users] Everyone can view all users (RAQ5)


>
>
>
> > Subject: [cobalt-users] Everyone can view all users (RAQ5)
> >
> >
> > If you go to this url and log in using a siteadmin username and
> > password, you get a list of all users on the Cobalt. Anyone know
> > how to secure this?
> >
> > http://hostname:444/base/user/userList.php
> >
> >
> > Regards,
> > Eivind Ravndal
> > NetPower Int
> >
>
>
> Hehe, this topic turns up every three months or so; there has been
> discussion about it here and in the forums on the Sun site some times.
> Someone posted a PHP fix a while back on one of the lists.
>
> If you are going to search the archives, keyword "userlist.php" is the
> best start.
>
> PS. Note that it is "only" viewing, modifying gives errors.
>
>
>
>
> Someone worth contacting, for they sure have a solution:
>
> From: "Anders" <andersb AT blacksun.ca>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Sent: Tuesday, May 06, 2003 3:36 AM
> Subject: Re: [cobalt-users] userList.php possible exploit
>
> >
> > I haven't seen an official response yet, though.
> > Solution (security patch) is around 6 lines of code.
> > I'll see what I can do, about us releasing a package?
> >
> > --anders
> > BlackSun Inc.
> > http://www.blacksun.ca
>
>
>
>
>
>