Security Gap

big enough to drive a truck thru

         

grandpa

5:18 am on Dec 19, 2003 (gmt 0)




I made a discovery that's not pretty. From any browser you can ftp://www.mysite.com and view my mailbox, my directories, my files. Anything can be copied, modified or moved.

In contrast, to use an ftp program to access my site, a password is required. No anonymous logins are allowed.

So what is the solution?

thanks
grandpa

TheDave

5:20 am on Dec 19, 2003 (gmt 0)




I think you might have checked the "Save this password" box or something ;)

grandpa

5:22 am on Dec 19, 2003 (gmt 0)




Actually, there is not even a request for a login.

Krapulator

5:24 am on Dec 19, 2003 (gmt 0)




What dave said!

Test it from another computer

dcrombie

10:37 am on Dec 19, 2003 (gmt 0)



Mmmm... cookies ;)

bird

12:38 pm on Dec 19, 2003 (gmt 0)




Mmmm... cookies

FTP doesn't use cookies.

But it's indeed most likely the browser storing the password in one way or another.

TheDoctor

8:20 pm on Dec 19, 2003 (gmt 0)




I made a discovery that's not pretty. From any browser you can ftp://www.mysite.com and view my mailbox, my directories, my files. Anything can be copied, modified or moved.

I doubt that anything can be copied, modified or moved via a browser. Have you tried this?

But I'd move your mailbox right out of directory space if I were you. I'm surprised you have it there anyway. That's a security hazard in its own right.
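
The question the thread turns on is whether the server itself accepts a login with no credentials or whether the browser is replaying a stored password. One way to settle that from a clean client is sketched below, as an added example that is not part of any post above. The function name and the script name in the usage message are made up for illustration, and the host is whatever you pass on the command line.

```python
import ftplib
import sys


def check_anonymous_ftp(host, port=21, timeout=10):
    """Try an anonymous FTP login on a fresh connection.

    Returns (allowed, detail): allowed is True if the server accepted the
    anonymous user, False if it refused, None if the check was inconclusive.
    No stored credentials are involved, so the result reflects the server's
    configuration rather than anything a browser has cached.
    """
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)
    except ftplib.all_errors as exc:
        ftp.close()
        return None, f"could not connect: {exc}"
    try:
        # A browser given ftp://host/ with no user name logs in as "anonymous".
        reply = ftp.login("anonymous", "anonymous@")
        return True, reply
    except ftplib.error_perm as exc:
        # 5xx reply (typically 530): the server refused the anonymous user.
        return False, str(exc)
    except ftplib.all_errors as exc:
        return None, f"unexpected reply: {exc}"
    finally:
        try:
            ftp.quit()
        except ftplib.all_errors:
            ftp.close()


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_anon_ftp.py HOST")
    allowed, detail = check_anonymous_ftp(sys.argv[1])
    verdict = {
        True: "ANONYMOUS LOGIN ACCEPTED",
        False: "anonymous login refused",
        None: "inconclusive",
    }[allowed]
    print(f"{verdict}: {detail}")
```

A refusal here while the browser still gets in without a prompt points at credentials saved on that machine; an acceptance means the server configuration allows anonymous access.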