POV-Ray : Newsgroups : povray.off-topic : O RLY? : Re: O RLY?
  Re: O RLY?  
From: Darren New
Date: 11 Jul 2009 16:46:17
Message: <4a58fa19$1@news.povray.org>
Orchid XP v8 wrote:
> In other words, it stores more than email messages in a central 
> database. Still conceptually the same deal, just with a few minor 
> details on top.

No, not really. Shared stuff like calendars is not conceptually the same as 
a central email store. What Exchange does is inherently hard to get right 
because (in part) of the administration/configuration problem and in part 
because of the shared part.

A centralized email server isn't sharing anything between users, nor 
updating things already in the database.

> Well, when somebody says that two identical things are not, in fact, 
> identical, I ask what they think is different...

No. You say "Apache is notable for doing the same thing as IIS", not "What 
does IIS do that Apache doesn't?"

>> How can you be IT support for a windows-based company and not 
>> understand the terms "windows logins" and "remote administration"?
> 
> I don't see what "windows logins" have to do with a generic web server, 
> that's all.

Have you ever used an intranet application where you had to log in to the 
web page? It means it uses the Active Directory Kerberos password stuff to 
let you log into web pages.

MS SQL Server allows this too.

>>>>> (Aside from giving root access to anybody who types their URLs with 
>>>>> backslashes instead of forward slashes...)
>>>>
>>>> Cite?
>>>
>>> I *think* this is the correct one:
>>>
>>> https://services.netscreen.com/restricted/sigupdates/nsm-updates/HTML/HTTP:IIS:ASP-DOT-NET-BACKSLASH.html
>>
>> And where does it say anything about root access there?
> 
> It says that you can "bypass all security controls". How is that 
> different from root access?

Where do you see it say "bypass all security controls"? I see it say "bypass 
ASP.NET authentication capabilities". I see "bypass authentication required 
to access files in secured directories."

What this bug is, in practice, is a way to go
   "http://blah.com/yadda\..\..\hello.txt"
and get out of the DocumentRoot defined by the web server. For example, they 
could use
   "http://blah.com/yadda\..\..\cgi\script.php"
to see the source of your PHP CGI script.

Still not root access.

-- 
   Darren New, San Diego CA, USA (PST)
   "We'd like you to back-port all the changes in 2.0
    back to version 1.0."
   "We've done that already. We call it 2.0."


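As an added illustration (not part of the original post, and not IIS or ASP.NET code), here is a simplified Python model of the class of bug discussed in the message above: an access check that matches the raw request path, while the file system treats `\` and `/` as the same separator. The `/secure/` prefix, the sample requests and all function names are assumptions made up for this example.

```python
import posixpath
from urllib.parse import unquote

# Constructed for illustration: URL prefixes that require a login.
PROTECTED = ("/secure/",)

def naive_requires_auth(raw_path):
    """Flawed: matches the raw request path, where '\\' is just another character."""
    return any(raw_path.lower().startswith(p) for p in PROTECTED)

def canonicalize(raw_path):
    """Canonical lower-case URL path, or None if it climbs above the root."""
    path = unquote(raw_path).replace("\\", "/")  # Windows accepts both separators
    if "\x00" in path:
        return None
    depth = 0
    for seg in path.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:          # would leave the document root
                return None
        elif seg not in ("", "."):
            depth += 1
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def decide(raw_path):
    """Authorization decision made on the canonical path, never the raw one."""
    canon = canonicalize(raw_path)
    if canon is None:
        return "reject"
    for p in PROTECTED:
        if canon == p.rstrip("/") or canon.startswith(p):
            return "auth"
    return "public"

if __name__ == "__main__":
    # Constructed sample requests.
    for req in ["/secure/report.txt", "/secure\\report.txt",
                "/secure%5creport.txt", "/yadda\\..\\..\\hello.txt"]:
        print(f"{req!r:32} naive_auth={naive_requires_auth(req)!s:5} "
              f"canonical={decide(req)}")
```

The same canonical path should then be the one handed to the file-open call, so the check and the access cannot disagree about which file is meant.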
