RE: [Declude.JunkMail] Declude 4.1 Is Out

; [mailto:[EMAIL PROTECTED] Behalf Of Jay Sudowski - > Handy Networks LLC > Sent: Wednesday, April 05, 2006 9:22 AM > To: Declude.JunkMail@declude.com > Subject: RE: [Declude.JunkMail] Declude 4.1 Is Out > > > Release notes still are not updated. Guess I will never know what else

RE: [Declude.JunkMail] Declude 4.1 Is Out

@declude.com Subject: [Declude.JunkMail] Declude 4.1 Is Out http://www.declude.com/Articles.asp?ID=186 Aside from the web admin, are there any other fixes or feature enhancements? The release notes reference 4.0.9.4 ... Thanks! - Jay Sudowski // Handy Networks LLC Director of Technical Operations

RE: [Declude.JunkMail] Declude 4.1 Is Out

etely misinformed information and I will be happy to continue rebutting your posts. -Jay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, April 03, 2006 8:47 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude 4

Re: [Declude.JunkMail] Declude 4.1 Is Out

CTED] On Behalf Of Matt Sent: Monday, April 03, 2006 6:27 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude 4.1 Is Out Kevin, IIS 6 has built in protection from double encoding by default (like "..%5c" or ".%2e/" instead of "../"), and I als

RE: [Declude.JunkMail] Declude 4.1 Is Out

dness gracious. -Jay From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Sent: Monday, April 03, 2006 6:27 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude 4.1 Is Out Kevin, IIS 6 has built in protection from d

Re: [Declude.JunkMail] Declude 4.1 Is Out

the parent paths setting.     Kevin Bilbee          -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Sent: Monday, April 03, 2006 2:38 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude 4.1 Is Out Jay, This is in

RE: [Declude.JunkMail] Declude 4.1 Is Out

e.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Declude 4.1 Is Out Install url scan and use the IIS lockdown tool. this will stop all ../../../ attacks dead in their tracks. Rerardless of the parent paths setting.     Kevin Bilbee          -Original Message-From: [EMAIL

RE: [Declude.JunkMail] Declude 4.1 Is Out

: [Declude.JunkMail] Declude 4.1 Is Out Jay, This is incorrect.  You can traverse directories within your root using "../" with Parent Paths disabled, but if you enable it, you can go outside your root so long as the file permissions allow it.  Here's a quote from the KB article tha

RE: [Declude.JunkMail] Declude 4.1 Is Out

, 2006 2:38 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Declude 4.1 Is Out Jay,This is incorrect.  You can traverse directories within your root using "../" with Parent Paths disabled, but if you enable it, you can go outside your root so long as the file p

RE: [Declude.JunkMail] Declude 4.1 Is Out

5:30 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Declude 4.1 Is Out Wrongg. Enabling parent paths doesn't allow you to actually enter ../../../../../ and transverse directories into your URL string! http://support.microsoft.com/default.aspx?scid=kb;en-us;

Re: [Declude.JunkMail] Declude 4.1 Is Out

[mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, April 03, 2006 5:27 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] Declude 4.1 Is Out I beg to differ.  IMO, Enabling Parent Paths is one of the biggest security risks for a Web server, and IIS disables them by default

RE: [Declude.JunkMail] Declude 4.1 Is Out

abled would be a .01, assuming your NTFS permissions are tight. -Jay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John T (Lists) Sent: Monday, April 03, 2006 5:09 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Declude 4.1 Is Out

Re: [Declude.JunkMail] Declude 4.1 Is Out

, assuming your NTFS permissions are tight. -Jay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John T (Lists) Sent: Monday, April 03, 2006 5:09 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Declude 4.1 Is Out >From the readme.h

RE: [Declude.JunkMail] Declude 4.1 Is Out

(Lists) Sent: Monday, April 03, 2006 5:09 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] Declude 4.1 Is Out >From the readme.html: "Parent paths must be enabled." Sorry, no they will not be enabled. That is a security risk I am not going to open up on my server. Joh

RE: [Declude.JunkMail] Declude 4.1 Is Out

TED] [mailto:Declude.JunkMail- > [EMAIL PROTECTED] On Behalf Of Jay Sudowski - Handy Networks LLC > Sent: Monday, April 03, 2006 1:45 PM > To: Declude.JunkMail@declude.com > Subject: [Declude.JunkMail] Declude 4.1 Is Out > > http://www.declude.com/Articles.asp?ID=186 > > A

[Declude.JunkMail] Declude 4.1 Is Out

http://www.declude.com/Articles.asp?ID=186 Aside from the web admin, are there any other fixes or feature enhancements? The release notes reference 4.0.9.4 ... Thanks! - Jay Sudowski // Handy Networks LLC Director of Technical Operations Providing Shared, Reseller, Semi Managed and Fully Man