rejetto forum
Software => HFS ~ HTTP File Server => Beta => Topic started by: rejetto on January 17, 2009, 01:45:36 PM
-
NOTICE: this includes an important security fix.
download @ www.dovedove.it/hfs/hfs219.exe
what's new
+ easier way to restore options after "temporarily reset options"
- big security problem only for Win95/98/ME (not others): directory crossing www.rejetto.com/forum/?topic=6542
- {.mime.} was not working
- file properties: "add new" icon was enabled for root
-
cheers! thank you!! ;D
also, this bug is still not fixed:
http://www.rejetto.com/forum/index.php?topic=6484.msg1039325#msg1039325
-
also, this bug is still not fixed:
http://www.rejetto.com/forum/index.php?topic=6484.msg1039325#msg1039325
1. I confirm the default template error - builds 218, 219 (maybe older builds too)
2. It happens when the [upload-success] section is triggered
-
Hi, it was I that actually reported this bug http://www.rejetto.com/forum/index.php?topic=6508.0 and just wanted to know if you were refering to 219 or 220 :)
Posted on: 20 January 2009, 23:30:11
I'm talking about a diferent bug report (the one in the link i pasted), and was asking rejetto about his response in it ;)
-
I was talking about build #219
Is there a 220 available?
I was not aware of it.
:o
-
220 is not yet released otherwise it would be available here in its apropriate place. If you read the linked topic you will unterstand that i was refering to the release 219 or the 220 yet to come.
-
Installed 219.
I noticed that a group can be used as account as well, but without any password!
Moreover, the same user name can be specified into the user list more than once
-
I noticed that a group can be used as account as well, but without any password!
HFS will prevent anyone from loggin in with a group name
Moreover, the same user name can be specified into the user list more than once
That user would be a member of more than one group. Here is more information about user groups from the wiki -> http://www.rejetto.com/wiki/index.php/User_groups
-
I noticed that a group can be used as account as well, but without any password!
HFS will prevent anyone from loggin in with a group name
Actually I just tested logging in with a group name and it works. The login button disappears. However no new folders appear that this group should see, but they now have access to a folder your not supposed to until you login.
-
I noticed that a group can be used as account as well, but without any password!
HFS will prevent anyone from loggin in with a group name
Actually I just tested logging in with a group name and it works. The login button disappears. However no new folders appear that this group should see, but they now have access to a folder your not supposed to until you login.
I just tried logging in with a group name and it wasn't successful. How did you login? What password did you use at loggin? (no password is set up for a group name so there is nothing valid you can put in the password field). The login fails.
You must have logged in with a valid user name & password then by the way that account was set up after login redirected to a group which is the way it would work. But that's not what is being talked about here.
-
I noticed that a group can be used as account as well, but without any password!
TRUE
HFS will prevent anyone from loggin in with a group name
FALSE
a)create an account with no password
b)Attribute the rights of access for a directory for this account only
c)convert this account as a group
d) you can go in the folder with the account(group) name and blank password
e) if you uncheck the group for this account, give it a password , and convert it as group
f) password box is masked
(don't forget to save every time :D )
f) you can now go in the folder with the group name and the new password ( leave blank and you can't log)
optionsdlg.pas
function ToptionsFrm.saveAccountProperties():boolean;
...
a:=@tempAccounts[lastAccountSelected];
a.enabled:=accountEnabledChk.checked;
a.pwd:=pwdBox.Text;
a.noLimits:=ignoreLimitsChk.checked;
a.redir:=redirBox.Text;
a.link:=split(';', trim(accountLinkBox.text));
a.group:=groupChk.Checked;
uniqueStrings(a.link);
result:=TRUE;
accountsBox.invalidate();
end; // saveAccountProperties
a.pwd:=pwdBox.Text;
the password is saving every time you save an account, when you change an account to a group , the old password is not cleared. :)
sorry maverick, but I agree the other man ;)
-
Thanks Mars, followed your steps and group login isn't a problem anymore.
-
HFS will prevent anyone from loggin in with a group name
FALSE
Those words are from rejetto.
http://www.rejetto.com/forum/index.php?PHPSESSID=d2f5aeuucksujmgplin9q6aub2&topic=6198.msg1037132#msg1037132
a)create an account with no password
b)Attribute the rights of access for a directory for this account only
c)convert this account as a group
d) you can go in the folder with the account(group) name and blank password
e) if you uncheck the group for this account, give it a password , and convert it as group
f) password box is masked
(don't forget to save every time :D )
f) you can now go in the folder with the group name and the new password ( leave blank and you can't log)
optionsdlg.pas
function ToptionsFrm.saveAccountProperties():boolean;
...
a:=@tempAccounts[lastAccountSelected];
a.enabled:=accountEnabledChk.checked;
a.pwd:=pwdBox.Text;
a.noLimits:=ignoreLimitsChk.checked;
a.redir:=redirBox.Text;
a.link:=split(';', trim(accountLinkBox.text));
a.group:=groupChk.Checked;
uniqueStrings(a.link);
result:=TRUE;
accountsBox.invalidate();
end; // saveAccountProperties
a.pwd:=pwdBox.Text;
the password is saving every time you save an account, when you change an account to a group , the old password is not cleared. :)
sorry maverick, but I agree the other man ;)
I'm going to have to study this. Is this the expected procedure and behavior or is what you are saying to me is a bug. ???
-
I'm creating a "group" checkbox, so that you tell HFS you mean to use that account as a group.
This way
1. you won't need to enter an impossible password, HFS will prevent anyone from loggin in with the group name
2. i can create some GUI facilities for groups only
You are right but as it is not a bug, I would say rather that it is an important neglect of rejetto concerning the functioning of hfs :D
-
Hi, it was I that actually reported this bug http://www.rejetto.com/forum/index.php?topic=6508.0 and just wanted to know if you were refering to 219 or 220 :)
you can see my post is dated 2 days after the publishing of this build, so NO, this is not your build ;)
-
also, this bug is still not fixed:
http://www.rejetto.com/forum/index.php?topic=6484.msg1039325#msg1039325
1. I confirm the default template error - builds 218, 219 (maybe older builds too)
2. It happens when the [upload-success] section is triggered
oh, so sorry guys, it's that i still have to watch your latest bug reports. i published this build in a hurry because of the security problem!
it's fixed now, just wait for the new build.
it was actually a double problem: the default template had an error, and HFS was not sturdy enough to handle it. Both solved.
-
cool , I am glad to hear it :) :)
-
I'm going to have to study this. Is this the expected procedure and behavior or is what you are saying to me is a bug. ???
a bug! a serious bug...
fixed in next build