; [mailto:[EMAIL PROTECTED] Behalf Of Jay Sudowski -
> Handy Networks LLC
> Sent: Wednesday, April 05, 2006 9:22 AM
> To: Declude.JunkMail@declude.com
> Subject: RE: [Declude.JunkMail] Declude 4.1 Is Out
>
>
> Release notes still are not updated. Guess I will never know what else
@declude.com
Subject: [Declude.JunkMail] Declude 4.1 Is Out
http://www.declude.com/Articles.asp?ID=186
Aside from the web admin, are there any other fixes or feature
enhancements? The release notes reference 4.0.9.4 ...
Thanks!
-
Jay Sudowski // Handy Networks LLC
Director of Technical Operations
etely
misinformed information and I will be happy to continue rebutting your
posts.
-Jay
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, April 03, 2006 8:47 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Declude 4
CTED] On Behalf Of Matt
Sent: Monday, April 03, 2006 6:27 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Declude 4.1 Is Out
Kevin, IIS 6 has built in protection from double encoding by default (like "..%5c" or
".%2e/" instead of "../"), and I als
dness
gracious.
-Jay
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Monday, April 03, 2006 6:27 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Declude 4.1 Is Out
Kevin, IIS 6 has built in protection from d
the parent paths setting.
Kevin Bilbee
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Matt
Sent: Monday, April 03, 2006 2:38 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Declude 4.1 Is Out
Jay,
This is in
e.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Declude
4.1 Is Out
Install url scan and use the IIS lockdown tool. this will stop all
../../../ attacks dead in their tracks. Rerardless of the parent
paths setting.
Kevin
Bilbee
-Original Message-From:
[EMAIL
: [Declude.JunkMail] Declude 4.1 Is Out
Jay,
This is incorrect. You can traverse directories within your root using "../"
with Parent Paths disabled, but if you enable it, you can go outside your root
so long as the file permissions allow it. Here's a quote from the KB article
tha
, 2006 2:38 PMTo:
Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Declude
4.1 Is Out
Jay,This
is incorrect. You can traverse directories within your root using "../"
with Parent Paths disabled, but if you enable it, you can go outside your root
so long as the file p
5:30 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Declude 4.1 Is Out
Wrongg.
Enabling parent paths doesn't allow you to actually enter ../../../../../ and
transverse directories into your URL string!
http://support.microsoft.com/default.aspx?scid=kb;en-us;
[mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Monday, April 03, 2006 5:27 PM
To: Declude.JunkMail@declude.com
Subject: Re: [Declude.JunkMail] Declude 4.1 Is Out
I beg to differ. IMO, Enabling Parent Paths is one of the biggest security risks for a Web server, and IIS disables them by default
abled would be a
.01, assuming your NTFS permissions are tight.
-Jay
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists)
Sent: Monday, April 03, 2006 5:09 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Declude 4.1 Is Out
, assuming your NTFS permissions are tight.
-Jay
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of John T (Lists)
Sent: Monday, April 03, 2006 5:09 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Declude 4.1 Is Out
>From the readme.h
(Lists)
Sent: Monday, April 03, 2006 5:09 PM
To: Declude.JunkMail@declude.com
Subject: RE: [Declude.JunkMail] Declude 4.1 Is Out
>From the readme.html:
"Parent paths must be enabled."
Sorry, no they will not be enabled. That is a security risk I am not
going
to open up on my server.
Joh
TED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Jay Sudowski - Handy Networks LLC
> Sent: Monday, April 03, 2006 1:45 PM
> To: Declude.JunkMail@declude.com
> Subject: [Declude.JunkMail] Declude 4.1 Is Out
>
> http://www.declude.com/Articles.asp?ID=186
>
> A
http://www.declude.com/Articles.asp?ID=186
Aside from the web admin, are there any other fixes or feature
enhancements? The release notes reference 4.0.9.4 ...
Thanks!
-
Jay Sudowski // Handy Networks LLC
Director of Technical Operations
Providing Shared, Reseller, Semi Managed and Fully Man
16 matches
Mail list logo