The WorksForWeb Community Forums
Author Topic: iAuto script security risk  (Read 1423 times)
phucdaat
« on: August 03, 2007, 03:57:46 AM »

Just wondering about the security risk on the iAuto script. For example, I can just type the path of system or any other directory into the browser address bar and I'm able to get in. Not only that, the files are set to be writable. Is that going to be a big security issue here?
phucdaat
« Reply #1 on: August 06, 2007, 12:42:13 PM »

Are there any staff watching the forum?
highnote
« Reply #2 on: August 07, 2007, 07:46:44 PM »

Great question. I was wondering about this myself, and when you brought it up, I began investigating it.
There is a fairly easy fix; though I have not tested it thoroughly for side effects, it seems to work in my configuration:

1) Create an error directory off the root called /error
2) Create an html page (called error.html) with an error message and FTP it into the new error directory: see attached file
3) Modify the .htaccess file in the root directory and add the following 4 lines at the end:

Options -Indexes
ErrorDocument 404 /error/error.html
ErrorDocument 403 /error/error.html
ErrorDocument 401 /error/error.html

-------------------------------
Direct accesses to directories should now fail by displaying the file /error/error.html

For more information, please read the entire article:
http://www.closetnoc.org/help/security.html

Regards,
Lou
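
A quick check for both concerns raised in this thread, added here as an example and not part of any post above: it confirms that the .htaccess in the web root carries "Options -Indexes" and lists world-writable paths, which the .htaccess change does not affect. The function names and the web-root path argument are assumptions.

```shell
#!/bin/sh
# Added example: audit a web root for directory listing and writable files.
# The web-root path is whatever you pass in; nothing here is iAuto-specific.

# indexes_disabled FILE: succeed if an uncommented "Options" line in FILE
# contains -Indexes. Presence check only: a later "Options +Indexes" or an
# override in a subdirectory's .htaccess is not detected.
indexes_disabled() {
    [ -f "$1" ] || return 1
    grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes([[:space:]]|$)' "$1"
}

# world_writable ROOT: print every file or directory under ROOT that any
# local user can modify (mode bit o+w), skipping symlinks.
world_writable() {
    find "$1" ! -type l -perm -0002 -print | sort
}

# audit_webroot ROOT: print findings; return 0 only if listing is disabled
# in ROOT/.htaccess and nothing under ROOT is world-writable.
audit_webroot() {
    root=$1
    status=0
    if indexes_disabled "$root/.htaccess"; then
        echo "OK    directory listing disabled in $root/.htaccess"
    else
        echo "FAIL  no 'Options -Indexes' in $root/.htaccess"
        status=1
    fi
    writable=$(world_writable "$root")
    if [ -n "$writable" ]; then
        echo "FAIL  world-writable paths:"
        echo "$writable" | sed 's/^/        /'
        status=1
    else
        echo "OK    no world-writable paths under $root"
    fi
    return $status
}

# Run against the directory given on the command line, if any.
if [ $# -gt 0 ]; then audit_webroot "$1"; fi
```

Files the script itself has to write to (uploads, caches) will show up in the second check; tighten those to owner or group write where the host's PHP setup allows it.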
phucdaat
« Reply #3 on: August 11, 2007, 03:06:36 PM »

Great! Seems to work just fine. Thanks, Lou.