Bugtraq mailing list archives
Re: Groupewise Web Interface
From: bbell01 () EMORY EDU (Bayard G. Bell)
Date: Tue, 21 Dec 1999 15:46:40 -0500
Tim Adams wrote:
Here's the interesting bit: Modify the URL by removing the *.html file. Now you can browse the directory structure of the web server. Go to the /com/novell/webaccess directory and what do we find? The webacc.cfg file. The file actually contains the version of the server, Novell paths, etc. No passwords are contained here. The actual gateway password is stored encrypted in the commgr.cfg file (which is stored in a location separate from the actual web pages/servlets).
This browsing capability is not unique to the Netscape Enterprise Server for NetWare product. The solution (using the Admin Server GUI) is to select the server you want to modify from the admin server list, choose "Content Management" from the title bar, then select "Document Preferences" from the sidebar menu. If you set "Directory Indexing" to "None", Netscape will not list contents of the directory if there is no document specified in a directory and no file matches the index filename spec from that same "Document Preferences" page. This seems to work just fine for Netscape Enterprise Server 3.5.1 running on NT. If anything, this is a common default configuration problem for products based on Netscape Enterprise and FastTrack Server, whether ported by Netscape or other vendors. -Bayard Bell Emory University
Current thread:
- Re: Groupewise Web Interface Tim Adams (Dec 21)
- Re: Groupewise Web Interface Bayard G. Bell (Dec 21)
- <Possible follow-ups>
- Re: Groupewise Web Interface Brian (Dec 21)
- Re: Groupewise Web Interface Sacha Faust Bourque (Dec 21)
- Re: Groupewise Web Interface Randy Mclean (Dec 22)
- Re: Groupewise Web Interface Richard Beels (Dec 23)
- Re: Groupewise Web Interface Randy Mclean (Dec 22)
- Re: Groupewise Web Interface Brian (Dec 21)
- Re: GroupeWise Web Interface Richard Sather (Dec 21)
- Re: Groupewise Web Interface Roy Sigurd Karlsbakk (Dec 23)