[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RE: SSI Vuln on cobalt

Subject: Re: [cobalt-security] RE: SSI Vuln on cobalt
From: Paul Jacobs <paul@xxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Apr 2002 11:40:53 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

But jeff,
After doing what you say, the user interface errors out when making changes!

At 09:18 AM 4/22/2002, you wrote:

Brett Wright wrote:

> Thats quite a nice way of doing it, but that still doesnt stop users from
> uploading htaccess.txt and then renaming it on the server using there FTP
> client.
>
> It looks almost impossible to stop users doing this, basically it gives
> them the same access as what shell would.

Easy way, as I mentioned in an earlier reply, install a root-owned
.htaccess file in the /web folder.  Then your site-admin won't be able
to upload one.

Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

Follow-Ups:
- Re: [cobalt-security] RE: SSI Vuln on cobalt
  - From: Jeff Lasman

References:
- Re: [cobalt-security] RE: SSI Vuln on cobalt
  - From: Brett Wright
- Re: [cobalt-security] RE: SSI Vuln on cobalt
  - From: Jeff Lasman

Prev by Date: Re: [cobalt-security] Re: SSI Vuln on cobalt
Next by Date: Re: [cobalt-security] RE: SSI Vuln on cobalt
Previous by thread: Re: [cobalt-security] RE: SSI Vuln on cobalt
Next by thread: Re: [cobalt-security] RE: SSI Vuln on cobalt

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index