[phorm] [Phorm:] Security Hole

  • From: webbbs@xxxxxxxxx
  • To: support@xxxxxxxxx
  • Date: 2 Mar 2004 13:31:02 -0000

The following new message has been posted on Phorm Support Forum at 
<http://www.phorm.com/support/>. 

*************************************************************************** 

  MESSAGE:  (#3793) Security Hole 
            <http://www.phorm.com/support/?rev=3793> 
  AUTHOR:   superwebgirl 
  DATE:     March 2, 2004 at 8:31 a.m. EST 

Hi, 

I am by NO MEANS an expert in this area, but I did notice that if you do not 
put an "index.html" file in each of the directories, they are vulnerable to 
being downloaded. 

I just tried to hack my own installation, and I was successful. (scary thought 
that *I* could do it!) :) 

Just a suggestion that maybe in future releases of Phorm, perhaps an 
"index.html" should be included in each directory? 

Also, I'm not quite clear about *why* we don't need to adjust file 
permissions? I'm used to using Perl, and file permissions are always set when 
using a Perl script. Wouldn't it be better to limit them as much as possible 
for security reasons? 

If so, can you send me a list of the permissions? 

I would truly appreciate a response from someone (anyone) on this since I am 
NOT an expert. 

Thanks! 

*************************************************************************** 
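
An added example, not part of the original post and not Phorm's own code: a read-only audit for the two points raised above, reporting directories that have no index file and paths that are group- or world-writable. The index file names and the choice of which permission bits to flag are assumptions; an index file only hides the listing, so files in that directory can still be fetched by anyone who knows their URL.

```python
import os
import stat
import sys

# Assumed set of file names the web server treats as a directory index.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}

# Assumed policy: flag anything writable by group or by everyone.
LOOSE_BITS = stat.S_IWGRP | stat.S_IWOTH


def audit_tree(root):
    """Walk root and return (dirs_without_index, loose_paths).

    dirs_without_index: directories a server with auto-indexing enabled
    would list in full. loose_paths: (path, mode string) pairs for
    directories and files that group or other users can write to.
    """
    no_index, loose = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        # A directory with no index file exposes its listing.
        if not INDEX_NAMES & {name.lower() for name in filenames}:
            no_index.append(dirpath)
        # Check the directory itself, then every file inside it.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            if mode & LOOSE_BITS:
                loose.append((path, stat.filemode(mode)))
    return sorted(no_index), sorted(loose)


if __name__ == "__main__":
    # Usage: python audit.py /path/to/install   (defaults to current dir)
    missing, writable = audit_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for d in missing:
        print("no index file:", d)
    for path, mode in writable:
        print("group/world-writable:", mode, path)
```
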
