I don't have a browser here with webfolders so I'm at a loss to do any
testing. However it is probably based on ftp, have you set your ftp
permissions globally or on a per user per vhost basis? Another thing that
comes to mind is do you have file lists turned off? They really should be.
Peter
----- Original Message -----
From: "Vital Touch DJs" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, August 02, 2002 7:12 PM
Subject: [sambar] WebFolders Trial {01}
Hi all,
I again was testing the WebFolders issue.
I did as one of the mailing list users said to do; I converted a couple of
basic sites to a vhosts directory in the root of the server.
When I log in using the IP address of the server, I cannot see those, since
they of course are in a different directory.
However, there still is a security issue. I can log in as another user, and
use WebFolders to a domain that the user shouldn't have access to. They
can't change or delete anything in that directory, but they sure can view
every single file that is there.
Brian Spraker - Owner
Vital Touch DJs
http://www.vtdj.com
Phone: (217) 345-9355
Pager: 1-800-412-8274 (Illinois Only)
-------------------------------------------------------
To unsubscribe please go to http://www.sambar.ch/list/
-------------------------------------------------------
To unsubscribe please go to http://www.sambar.ch/list/
