1
HFS ~ HTTP File Server / Re: HFS Vulnerabilities?
« on: July 23, 2007, 03:27:35 PM »
kk, thanks and will do!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: 1
2
HFS ~ HTTP File Server / HFS Vulnerabilities?
« on: July 23, 2007, 02:23:32 PM »
Hello everyone!
For a university assignment i'm to discuss the vulnerabilities of any server program or OS.
I'm then to also talk about the solution, and the cost of implementing the solution to fix the vulnerability(s).
Since HFS is free and hasn't really been hacked before and the fact that no one in the campus has done an assignment on HFS in previous years, i thought it was a good idea to do my assignment on HFS (It would also promote it supose for who ever reads my assignment in the future).
Alls i need to know is any vulnerability on any version of HFS and a way to fix it (if any). You don't need to do the assignment for me, just so i can start researching on the things that you've told me.
The better the vulnerability the better the mark i get (for example, a DoS attack, or something requiring physical access to the machine won't get very high marks).
I've already scouted the forum, but it can't find anything, so i thought i'd ask directly.
Any way, i thank you for your input!
For a university assignment i'm to discuss the vulnerabilities of any server program or OS.
I'm then to also talk about the solution, and the cost of implementing the solution to fix the vulnerability(s).
Since HFS is free and hasn't really been hacked before and the fact that no one in the campus has done an assignment on HFS in previous years, i thought it was a good idea to do my assignment on HFS (It would also promote it supose for who ever reads my assignment in the future).
Alls i need to know is any vulnerability on any version of HFS and a way to fix it (if any). You don't need to do the assignment for me, just so i can start researching on the things that you've told me.
The better the vulnerability the better the mark i get (for example, a DoS attack, or something requiring physical access to the machine won't get very high marks).
I've already scouted the forum, but it can't find anything, so i thought i'd ask directly.
Any way, i thank you for your input!
3
HFS ~ HTTP File Server / Re: [Request for Feature]: Hidden Folders For Users, Permission Denied screen, L
« on: April 26, 2007, 01:38:21 AM »
That is true.
4
HFS ~ HTTP File Server / Re: [Request for Feature]: Hidden Folders For Users, Permission Denied screen, L
« on: April 26, 2007, 01:29:59 AM »
Yes,
It was an idea.
Hide works fine, i was just saying that if certain people were logged in that it would show, depending on who.
If say i set "user" to only view it, then who ever was logged in as user could be able to see it.
If they wern't logged in as user then it would not show, however they would still be able to get access if they were directly linked, or typed it into their browser.
It was an idea.
Hide works fine, i was just saying that if certain people were logged in that it would show, depending on who.
If say i set "user" to only view it, then who ever was logged in as user could be able to see it.
If they wern't logged in as user then it would not show, however they would still be able to get access if they were directly linked, or typed it into their browser.
5
HFS ~ HTTP File Server / Re: [Request for Feature]: Hidden Folders For Users, Permission Denied screen, L
« on: April 26, 2007, 01:08:35 AM »
yeah but,
How would i give a non-allowed user access?
How would i give a non-allowed user access?
6
HFS ~ HTTP File Server / [Request for Feature]: Hidden Folders For Users, Permission Denied screen, Log..
« on: April 25, 2007, 05:04:45 PM »
First off i would like to say thanks rejetto for creating this program =D It's most awesome.
This feature is sort of like the deny function when a user tries to access a folder, but instead the folder is just not listed.
For example, if a user tries to navigate to C:\HFS\Uploads\
he will not be able to see any folders, when this user logs in however, he will be able to see all files and/or folders that are in the Uploads folder.
He will still be able to gain access to any of the folders that are in there however, for example: C:\HFS\Uploads\Bill will be accessable, but he will not be able to navigate into there unless he directly types it into his browser, or is linked to it.
To disable people from seeing folders the administrator should be be able to right click on the folder (in HFS of course) & select which users should be able to see this folder (or file), much like how the permissions work now.
This feature is useful because maybe you want people to get a folder, or view a picture but you don't want them to know of it's existance until they are told. There's more reasons as well that this feature would be useful for.
Another feature that maybe useful as well is an option that allows you to choose between 2 permission denied screen. One screen will be the "File or Folder doesn't exist" screen, and the other screen will be the "Permission Denied". Of course if you set it to "File or Folder doesn't exist" screen to come up, they should only be allowed one login attempt before it comes up. This will deter many hacking
attempts.
The last Feature i'm asking is being able to select which folder the log file is saved into. I have tried creating a folder & setting the log name as "logs\Log %y% - %m% - %d%" for example, but it doesn't work. This would be a helpful feature when organising logs. - Actually, this does work, i made a typo =D, but yeah.
This feature is sort of like the deny function when a user tries to access a folder, but instead the folder is just not listed.
For example, if a user tries to navigate to C:\HFS\Uploads\
he will not be able to see any folders, when this user logs in however, he will be able to see all files and/or folders that are in the Uploads folder.
He will still be able to gain access to any of the folders that are in there however, for example: C:\HFS\Uploads\Bill will be accessable, but he will not be able to navigate into there unless he directly types it into his browser, or is linked to it.
To disable people from seeing folders the administrator should be be able to right click on the folder (in HFS of course) & select which users should be able to see this folder (or file), much like how the permissions work now.
This feature is useful because maybe you want people to get a folder, or view a picture but you don't want them to know of it's existance until they are told. There's more reasons as well that this feature would be useful for.
Another feature that maybe useful as well is an option that allows you to choose between 2 permission denied screen. One screen will be the "File or Folder doesn't exist" screen, and the other screen will be the "Permission Denied". Of course if you set it to "File or Folder doesn't exist" screen to come up, they should only be allowed one login attempt before it comes up. This will deter many hacking
attempts.
The last Feature i'm asking is being able to select which folder the log file is saved into. I have tried creating a folder & setting the log name as "logs\Log %y% - %m% - %d%" for example, but it doesn't work. This would be a helpful feature when organising logs. - Actually, this does work, i made a typo =D, but yeah.
Pages: 1