[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] bleh!
- Subject: Re: [cobalt-security] bleh!
- From: Anders <andersb@xxxxxxxxxxx>
- Date: Thu, 01 May 2003 09:54:50 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Jerry Bauer wrote:
> maybe someone already post this, and I missed it.
> When you create an user (no siteadmin) on the 550 and go to the following
> url:
>
> http://www.mydomain.com:444/base/user/userList.php
> Login with the user's name and password, all the domain-users can be
> edited/deleted now :(
Can they "just" be listed with the edit/delete buttons, or really changed ?
I think the CCE authentication will stop you from actually making changes.
Not to say that Sun shouldn't patch their PHP scripts from viewing them...
(BTW; It goes for all the other listings available too - vsites, swupdate)
--anders