[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Re: Re: RE: SSI Vuln on cobalt

Subject: [cobalt-security] Re: Re: RE: SSI Vuln on cobalt
From: Chris Adams <cmadams@xxxxxxxxxx>
Date: Tue, 23 Apr 2002 10:11:15 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Once upon a time, Jeff Lasman <jblists@xxxxxxxxxxxxx> said:
> Chris Adams wrote:
> > And, as others and I mentioned, that doesn't work.  All the site admin
> > has to do is delete your root-created .htaccess file or create a
> > subdirectory.
> 
> What about Larry Smith's suggestion?

If that is the one about limiting uploads with proftpd, then that might
work if you block enough files (for example, I know he missed
.procmailrc - I don't know what else though).

The other thing about this is that by doing so, you've also denied your
sites normal capabilities such as password protecting part of their site
or anything else you can do from .htaccess.
-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

References:
- Re: [cobalt-security] RE: SSI Vuln on cobalt
  - From: Brett Wright
- Re: [cobalt-security] RE: SSI Vuln on cobalt
  - From: Jeff Lasman
- [cobalt-security] Re: RE: SSI Vuln on cobalt
  - From: Chris Adams
- Re: [cobalt-security] Re: RE: SSI Vuln on cobalt
  - From: Jeff Lasman

Prev by Date: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
Next by Date: Re: [cobalt-security] Re: Re: Re: SSI Vuln on cobalt
Previous by thread: Re: [cobalt-security] Re: RE: SSI Vuln on cobalt
Next by thread: Re: [cobalt-security] RE: SSI Vuln on cobalt

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index