4 Replies Latest reply on Jul 25, 2012 5:44 AM by Ann Pro

    EPDM web server security question

    Brock Burwash

      I can copy and paste the URL from the configuration e.g. http://server name / web server name / configuration name and the person using the URL can only see the web shares which is what I expect.

       

      The security problem comes when the user shortens the URL to http://server name / web server name / which is a fairly common way to get closer to the home page. Then they can log in with their credentials and see EVERYTHING in the vault.

       

      Restricting access to the folders through the groups greys out the folders but you can still open them in the web browser and view and make copies of all the files.

       

      I have no interest in giving away the Caramilk Secret to everybody.  How do you plug this hole?

        • Re: EPDM web server security question
          Ravi Teja

          Hi Brock,

          They are just local files and folders... delete them from the current login (will not have any effect on files).

          And also go to user settings and in explorer select the "Show files that are part of file vault" setting.

           

           

           

           

           

          Regards

          Ravi T

            • Re: EPDM web server security question
              Brock Burwash

              Thanks for pointing out that they were local files. I tried it on a non-CAD computer and it worked as expected. My user's explorer setting was already set to "show only files that are part of the vault". Even after I selected local file cleanup and clear local cache the files were still on my computer even after a reboot. The group I am logged into is set up so they can't delete files accidentally.

              • Re: EPDM web server security question
                Chao Gu

                Yes, the user settings "Show files that are part of file vault" setting is invalid for the EPDM Web Client.

                • Re: EPDM web server security question
                  Ann Pro

                  Hello Ravi,

                  My name is Anna Prochnicka, I am an assistant of the Haking9 Magazine editor - the online publication devoted to IT Security.

                  We are looking for authors who could provide us with some interesting articles concerning exploiting software in English version.

                   

                  Maybe you had some interesting problem in webserver security or any other problems inside webserver security in the past that you could share your knowledge with us?

                   

                  I believe your experience in this matter might be invaluable to our readers. For more information please visit haking9.org or write to me anna.prochnicka@software.com.pl

                  Would you be interested in hearing more details?

                  I will answer any questions.

                   

                   

                  I am looking forward to hearing from you.

                   

                   

                  Nice to hear soon,

                   

                  Anna Prochnicka

                  Junior Project Manager

                  anna.prochnicka@software.com.pl