OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq Archives: Re: Groupewise Web Interface

Re: Groupewise Web Interface

Subject: Re: Groupewise Web Interface
From: Bayard G. Bell (bbell01EMORY.EDU)
Date: Tue Dec 21 1999 - 14:46:40 CST

Tim Adams wrote:
>
> Here's the interesting bit: Modify the URL by removing the *.html file. Now you can browse the directory structure of the web server. Go to the /com/novell/webaccess directory and what do we find? The webacc.cfg file. The file actually contains the version of the server, Novell paths, etc. No passwords are contained here. The actual gateway password is stored encrypted in the commgr.cfg file (which is stored in a location separate from the actual web pages/servlets).

This browsing capability is not unique to the Netscape Enterprise Server
for NetWare product.

The solution (using the Admin Server GUI) is to select the server you
want to modify from the admin server list, choose "Content Management"
from the title bar, then select "Document Preferences" from the sidebar
menu. If you set "Directory Indexing" to "None", Netscape will not list
contents of the directory if there is no document specified in a
directory and no file matches the index filename spec from that same
"Document Preferences" page. This seems to work just fine for Netscape
Enterprise Server 3.5.1 running on NT.

If anything, this is a common default configuration problem for products
based on Netscape Enterprise and FastTrack Server, whether ported by
Netscape or other vendors.

-Bayard Bell
Emory University

This archive was generated by hypermail 2b27 : Wed Dec 22 1999 - 12:10:41 CST