Web Wiz Support and Community Forums : Protential security Hole

Web Wiz Support and Community Forums : Protential security Hole https://forums.webwiz.net/ Copyright (c) 2006-2013 Web Wiz Forums - All Rights Reserved. Tue, 07 Apr 2026 13:09:57 +0000 Fri, 16 Jan 2004 18:16:40 +0000 http://blogs.law.harvard.edu/tech/rss Web Wiz Forums 12.08 360 https://forums.webwiz.net/RSS_post_feed.asp?TID=8983 <![CDATA[Web Wiz Support and Community Forums]]> https://forums.webwiz.net/forum_images/web_wiz_forums.png https://forums.webwiz.net/ <![CDATA[Protential security Hole : This was fixed/changed quite a...]]> https://forums.webwiz.net/protential-security-hole_topic8983_post47419.html#47419 Author: WebWiz-Bruce
Subject: 8983
Posted: 16 January 2004 at 6:16pm

This was fixed/changed quite a few versions ago.

The way the user code is created was changed tocontaing the user name then appended to the end of it is a set of10 random letters and numbers.

If this is not the case in your forum, try updating to the latest version.

Edited by -boRg-]]> Fri, 16 Jan 2004 18:16:40 +0000 https://forums.webwiz.net/protential-security-hole_topic8983_post47419.html#47419 <![CDATA[Protential security Hole : I am sure DJ Air knows the documentation...]]> https://forums.webwiz.net/protential-security-hole_topic8983_post47398.html#47398 Author: michael
Subject: 8983
Posted: 16 January 2004 at 3:52pm

I am sure DJ Air knows the documentation and the forum fairly well, well enough that he is just pointing it out as a suggestion to remove the last two letters of the passoword from the user code. ]]> Fri, 16 Jan 2004 15:52:46 +0000 https://forums.webwiz.net/protential-security-hole_topic8983_post47398.html#47398 <![CDATA[Protential security Hole : Read the documentation and you...]]> https://forums.webwiz.net/protential-security-hole_topic8983_post47393.html#47393 Author: MadDog
Subject: 8983
Posted: 16 January 2004 at 3:26pm

Read the documentation and you wont have any security problems.

]]> Fri, 16 Jan 2004 15:26:08 +0000 https://forums.webwiz.net/protential-security-hole_topic8983_post47393.html#47393 <![CDATA[Protential security Hole : iis 6.0 should take car of this...]]> https://forums.webwiz.net/protential-security-hole_topic8983_post47390.html#47390 Author: Badaboem
Subject: 8983
Posted: 16 January 2004 at 3:01pm

iis 6.0 should take car of this as well. Meta base does not allow files with mdb extension to be downloaded etc. You can allow or disallow extension types yourself. ]]> Fri, 16 Jan 2004 15:01:27 +0000 https://forums.webwiz.net/protential-security-hole_topic8983_post47390.html#47390 <![CDATA[Protential security Hole : i use it in a private directory...]]> https://forums.webwiz.net/protential-security-hole_topic8983_post47389.html#47389 Author: dj air
Subject: 8983
Posted: 16 January 2004 at 2:53pm

i use it in a private directory ... but i thought i would say about it ... for those that don't use a private directory ...]]> Fri, 16 Jan 2004 14:53:10 +0000 https://forums.webwiz.net/protential-security-hole_topic8983_post47389.html#47389 <![CDATA[Protential security Hole : Change the extension of the access...]]> https://forums.webwiz.net/protential-security-hole_topic8983_post47388.html#47388 Author: dpyers
Subject: 8983
Posted: 16 January 2004 at 2:49pm

Change the extension of the access db from .mdb to .asp (and also the connection strings). The access engine will still open it and work with it, but when someone tries to download it, the web server will try to run it as an asp script and return an error.]]> Fri, 16 Jan 2004 14:49:21 +0000 https://forums.webwiz.net/protential-security-hole_topic8983_post47388.html#47388 <![CDATA[Protential security Hole : Hi guys, this isn't a major...]]> https://forums.webwiz.net/protential-security-hole_topic8983_post47383.html#47383 Author: dj air
Subject: 8983
Posted: 16 January 2004 at 2:28pm

Hi guys,

this isn't a major security hole thought it would be wise to say..

say you have a password 4 charecters long ..

then if someone whats to get into your account and you dont have it in a folder outside the root folder ... ie they can download it....

they then can open the database.. look at the User_code and see what the last to letters are ...

say your password was help. in the User_code it would have lp on the end.

so if someone really wanted to get in they would only have to look in a dictionary and go through all them.. you can tell how long the password is by looking at the salt code .... also common words they would try ..

the only thing i can suggest is take out the last 2 charecters from the usercode or use part of the encrypted password...

i would like to say it would take time to hack in but if they wanted to they could....

i know its a bit far fetched but its a protential security hole

]]> Fri, 16 Jan 2004 14:28:12 +0000 https://forums.webwiz.net/protential-security-hole_topic8983_post47383.html#47383