WebDB -- hiding the gateway page

From: Jim Mooney <mooneyj_at_mantech-wva.com>
Date: 4 Nov 1999 15:17:09 -0600
Message-ID: <3821f7d5$1_at_news.newsfeeds.com>

Using WebDB on Windows NT, the "gateway" page which is used for configuring DADs is accessible directly by URL in the "file" /webdb/admin_/gateway.htm. Accessing this page is actually prescribed as a early test for correct operation of listeners.

This page should be visible only to users with administrator privileges. Yet it seems freely accessible (and CHANGEABLE!) by anyone, without even attempting to login to WebDB at all. This is an unbelievable security problem, especially since passwords may be stored in DADs for good reason, and they will appear (in PLAIN TEXT!) on this page.

The problem occurs both with the WebDB listener and with IIS.

How can I block all access to this page except through WebDB?

Thanks
Jim Mooney

-----------== Posted via Newsfeeds.Com, Uncensored Usenet News ==---------- http://www.newsfeeds.com The Largest Usenet Servers in the World! ------== Over 73,000 Newsgroups - Including Dedicated Binaries Servers ==----- Received on Thu Nov 04 1999 - 22:17:09 CET

This message: [ Message body ]
Next message: David Warren: "PCC-F-NOERRFILE"
Previous message: Carsten Rachfahl: "OAS 4.0.8 download site?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message