Contribute 2 security issues
Mac Elite
Join Date: Mar 2001
Location: Madison, WI
May 21, 2004, 09:06 AM
 
Posted this in software, but it probably belongs here...

I'm trying Contribute 2 and I discovered that it stores all the server information in an XML file, within an "_mm" directory. This file can easily be viewed from a web browser (view source), if directory browsing is enabled, or if you know where to look and type in the URL. Although the admin password is encrypted, I have no idea what type of encryption is used, and Macromedia doesn't seem to address this issue in their support docs.

Has anyone found a good way around this?
I do not like those green links and spam.
I do not like them, Sam I am.
     
Occasionally Useful
Join Date: Jun 2001
Location: Liverpool, UK
May 21, 2004, 11:10 AM
 
Originally posted by Macola:
Has anyone found a good way around this?
change the permissions to keep people out?

try chmod 740 _mm or maybe even chmod 700 _mm and see if Contribute can still work with the file.

i haven't tested this any further than seeing if i can use Safari to download said file from my own webserver, with those permission changes: denied. if you can report back, that would be cool, as we'll all know then.
"Have sharp knives. Be creative. Cook to music" ~ maxelson
     
Macola  (op)
Mac Elite
Join Date: Mar 2001
Location: Madison, WI
May 21, 2004, 04:24 PM
 
I tried changing permissions on the file, but Contribute threw a fit. My solution, which isn't perfect but works, is to use an .htaccess file in each of the affected directories to restrict access (using the <Limit> directive).

I'm surprised how few users have mentioned this in the Contribute support forums. I guess most of them don't even realize there's an XML file out there!
I do not like those green links and spam.
I do not like them, Sam I am.
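
Added example (not part of the thread and not Macromedia's code): a small audit that walks a web root, finds every "_mm" directory and reports whether its .htaccess denies access for all HTTP methods, only inside a <Limit>/<LimitExcept> section, or not at all. Apache applies rules inside <Limit> only to the methods listed there, so a deny placed that way leaves other methods unrestricted. The function names, the sample tree and the assumption that the .htaccess sits in the "_mm" directory itself are hypothetical; the check is a heuristic that does not evaluate Allow/Order lines or rules inherited from parent directories.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns: Apache 2.2-style and 2.4-style "deny everyone" rules.
DENY_ALL = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I)
SECTION_OPEN = re.compile(r"^\s*<Limit(Except)?\s", re.I)
SECTION_CLOSE = re.compile(r"^\s*</Limit(Except)?>", re.I)

def classify_htaccess(text):
    """Return 'blocked', 'partial' (deny-all only inside <Limit>) or 'open'."""
    in_section, status = False, "open"
    for line in text.splitlines():
        if SECTION_OPEN.match(line):
            in_section = True
        elif SECTION_CLOSE.match(line):
            in_section = False
        elif DENY_ALL.match(line):
            if not in_section:
                return "blocked"  # applies to every HTTP method
            status = "partial"    # applies only to the methods the section names
    return status

def audit_docroot(docroot):
    """Map each _mm directory under docroot to its .htaccess status."""
    results = {}
    for mm in (p for p in Path(docroot).rglob("_mm") if p.is_dir()):
        ht = mm / ".htaccess"
        text = ht.read_text() if ht.is_file() else ""
        results[mm.relative_to(docroot).as_posix()] = classify_htaccess(text)
    return results

def demo():
    """Audit a constructed site tree (sample rules are not from the thread)."""
    samples = {
        "_mm": None,  # no .htaccess at all
        "news/_mm": "<Limit GET POST>\nOrder allow,deny\nDeny from all\n</Limit>\n",
        "staff/_mm": "Order allow,deny\nDeny from all\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            d = Path(root, rel)
            d.mkdir(parents=True)
            if body is not None:
                (d / ".htaccess").write_text(body)
        return audit_docroot(root)

if __name__ == "__main__":
    print(demo())
```

A "blocked" result only says the rule is present; the server must also honour .htaccess files (AllowOverride) for it to take effect.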
     
All times are GMT -5.
All contents of these forums © 1995-2011 MacNN. All rights reserved.