Security Issues
7 views
Skip to first unread message
Ingo Muschenetz (What the Trend?)
Mar 27, 2011, 2:41:39 PM3/27/11
to Jaxer
Hi Everyone,
Oliver Leitner alerted us to a possible secuirty issue in Jaxer using
one of the sample files included with the distro:
The sourceviewer implementation allows access to server root by
entering a custom URL
a fastfix would be adding a .htaccess file under:
/opt/AptanaJaxer/jaxer/aptana/tools/
with the following content i.e. (to limit access to the sourceviewer
to your developers ip address):
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
replace the xxx.xxx.xxx.xxx with your ip, or remove the sourceViewer
component.
Cheers,
Ingo
Oliver Leitner alerted us to a possible secuirty issue in Jaxer using
one of the sample files included with the distro:
The sourceviewer implementation allows access to server root by
entering a custom URL
a fastfix would be adding a .htaccess file under:
/opt/AptanaJaxer/jaxer/aptana/tools/
with the following content i.e. (to limit access to the sourceviewer
to your developers ip address):
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
replace the xxx.xxx.xxx.xxx with your ip, or remove the sourceViewer
component.
Cheers,
Ingo
Eric Dorman
Mar 28, 2011, 9:45:27 AM3/28/11
to Jaxer
Hey Ingo,
Thank you for pointing this out to us.
However Jaxer has not really been in development for quite sometime.
Developing Jaxer further has not been happening so there is a decline
in new bugs being fixed.
If may ask what do you use Jaxer for? :)
Thanks & God bless,
Eric
On Mar 27, 2:41 pm, "Ingo Muschenetz (What the Trend?)"
Thank you for pointing this out to us.
However Jaxer has not really been in development for quite sometime.
Developing Jaxer further has not been happening so there is a decline
in new bugs being fixed.
If may ask what do you use Jaxer for? :)
Thanks & God bless,
Eric
On Mar 27, 2:41 pm, "Ingo Muschenetz (What the Trend?)"
Eric Dorman
Mar 28, 2011, 9:52:13 AM3/28/11
to Jaxer
Hey Ingo,
Jaxer has not been in development for quite sometime.
I have been busy as well as other people have.
Jaxer has a lot of bugs, but sadly Jaxer has not been updated since
it's last version was released by it's creator, Aptana.
I appreciate you pointing this out to us and if may ask how are you
using Jaxer? :)
Thanks & God bless,
Eric :D
Jaxer has not been in development for quite sometime.
I have been busy as well as other people have.
Jaxer has a lot of bugs, but sadly Jaxer has not been updated since
it's last version was released by it's creator, Aptana.
I appreciate you pointing this out to us and if may ask how are you
using Jaxer? :)
Thanks & God bless,
Eric :D
Reply all
Reply to author
Forward
0 new messages