httpd-users mailing list archives

From Frederic Fery <Fred.F...@uts.edu.au>
Subject [users@httpd] block this url: http://yourhost:591/FMPro?-db=database.fp5&-format=-dso_xml&-findall
Date Fri, 13 Dec 2002 20:45:22 GMT
Hi again

I have been looking on the web for weeks and can't find any answers to this

I want to block this url below from being accessed on my os X server box:
http://yourhost:591/FMPro?-db=database.fp5&-format=-dso_xml&-findall

A web user could just enter this in the browser and retrieve all 
content from the filemaker pro

Is the solution to set up a proxy, apache rewrite, third party software?

regards
Frederic
Frederic Fery wrote:
> Hi
> 
> I am new to apache, so sorry if it's a dumb question
> 
> We are running Filemaker pro on OS X server (Jaguar) using webcompanion
> 
> Filemaker is on port 591, Apache port 80 with Web Connector to do some SSL
> 
> I have some security concerns about sharing filemaker databases with 
> webcompanion. The issue is with the XML dso_xml tag (and -raw)
> 
> Anyone can type in their web browser address bar, something like:
> 
> http://yourhost:591/FMPro?-db=database.fp5&-format=-dso_xml&-findall
> 
> this will reveal all the fields from your database in their browser, not 
> really good when you have confidential information...
> 
> WHAT I WOULD LIKE:
> when people are typing &-format=-dso_xml&-findall they would go 
> nowhere (403.html)
> 
> What is the best way to do it: proxy, apache rewrite?
> And how do you implement it?
> 
> I have tried to set up a proxy (in server settings web->sites->proxy) 
> but it didn't work
> also, if you could give me some apache rewrite examples for -format=-dso_xml
> 
> thanks
> Frederic


-- 
Frederic Fery
Faculty Web Master

http://www.dab.uts.edu.au
http://www.nmh.uts.edu.au
http://www.hss.uts.edu.au
http://www.utsgallery.uts.edu.au
http://www.techtrain.uts.edu.au

University of Technology, Sydney.
Ph: 02 9514 89 37
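
One way to express the rewrite rule asked about above, as an added example that is not part of the original message or any reply to it. It assumes mod_rewrite is loaded, that the directives sit in the server or virtual-host configuration of the Apache instance that fronts FileMaker, and that port 591 is closed to clients so that every request has to pass through Apache.

```apache
# Added example (assumptions: server/vhost context, mod_rewrite loaded,
# port 591 not reachable from outside so clients must go through Apache).
RewriteEngine On

# Match a query-string parameter "-format=-dso_xml" in any position.
# (^|&) and (&|$) anchor it to a whole parameter; (-|%2D) also accepts a
# percent-encoded hyphen, because %{QUERY_STRING} is matched undecoded.
# [NC] makes the comparison case-insensitive.
RewriteCond %{QUERY_STRING} (^|&)(-|%2D)format=(-|%2D)dso_xml(&|$) [NC]

# Refuse the request with 403 Forbidden instead of passing it to FileMaker.
RewriteRule ^/FMPro$ - [F]

# Serve the custom page mentioned in the message for refused requests
# (path is an assumption; adjust to where 403.html lives in the docroot).
ErrorDocument 403 /403.html
```

The rule only filters traffic that Apache handles; a request sent straight to port 591 never reaches it, so that port has to be restricted separately.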
