Hi! Under certain circunstances I'm not able to identify, even though a given I've no access to a given XWiki page, it is possible to access/download their attached files provided you know their URLs. Please, could you figure out why this could happen? Thanks! This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451. Greetings! Ricardo -- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada. See more languages: http://www.sergas.es/aviso_confidencialidad.htm
On Feb 13, 2012, at 5:47 PM, <[email protected]> <[email protected]> wrote:
Hi!
Under certain circunstances I'm not able to identify, even though a given I've no access to a given XWiki page, it is possible to access/download their attached files provided you know their URLs.
Please, could you figure out why this could happen? Thanks!
Can you reproduce it? And if so, can we get access to a page showing the symptom or could you tell us how to reproduce? Without more details it's going to be hard to figure out. Thanks -Vincent
This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451.
Greetings!
Ricardo
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es
Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada.
Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada.
See more languages: http://www.sergas.es/aviso_confidencialidad.htm
On 02/13/2012 11:47 AM, [email protected] wrote:
Hi!
Under certain circunstances I'm not able to identify, even though a given I've no access to a given XWiki page, it is possible to access/download their attached files provided you know their URLs.
Please, could you figure out why this could happen? Thanks!
This should not happen from XWiki. Do you have any other proxies, frontends, or even a simple browser cache that is serving the file without asking XWiki for it?
This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451.
Greetings!
Ricardo
-- Sergiu Dumitriu http://purl.org/net/sergiu/
Ricardo, are you by any chance on a Mac? If yes go and download OmniWeb and open the error-console. That console shows all the details of the http traffic. This is generally where I catch Cookie mismatches which could well be your error. Firebug can, otherwise, help this as well. Be sure to use the persistent flag. paul Le 13 févr. 2012 à 17:47, [email protected] a écrit :
Hi!
Under certain circunstances I'm not able to identify, even though a given I've no access to a given XWiki page, it is possible to access/download their attached files provided you know their URLs.
Please, could you figure out why this could happen? Thanks!
This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451.
Greetings!
Ricardo
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es
Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada.
Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada.
See more languages: http://www.sergas.es/aviso_confidencialidad.htm _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es ________________________________________ From: [email protected] [[email protected]] On Behalf Of Vincent Massol [[email protected]] Sent: 13 February 2012 18:09 To: XWiki Users Subject: Re: [xwiki-users] security breach? On Feb 13, 2012, at 5:47 PM, <[email protected]> <[email protected]> wrote:
Hi!
Under certain circunstances I'm not able to identify, even though a given I've no access to a given XWiki page, it is possible to access/download their attached files provided you know their URLs.
Please, could you figure out why this could happen? Thanks!
Can you reproduce it? And if so, can we get access to a page showing the symptom or could you tell us how to reproduce?
Without more details it's going to be hard to figure out.
Thanks -Vincent
Hi, Vincent, No, I've not been able to reproduce it yet. The issue arose sometime ago when an user claims that a paper of him, ready to be published by a first line magazine, appears indexed by Google even though it was theoretically protected within a XWiki installation. Please, check this: http://atrium_km.idisantiago.es/bin/Project/Transcan2012 - you must be required to identify http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/S28BW.numb... - at least from my browsers here, this image is freely accessible... some cache related issue? http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/idisMotto.... - you are required to identiy; this file is attached to the same page! Vincent, do you remember your account at EPEC Network? Atrium_KM is now the controller of the whole farm. I've chaged eBioTIC. look and feel to fit the image requirements of this new initiative. I do hope I'll be able to get it bak ASAP! I've created a new account for you there and I'm sending you a new password. Thanks! Ricardo
This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451.
Greetings!
Ricardo
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es
Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada.
Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada.
See more languages: http://www.sergas.es/aviso_confidencialidad.htm
users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada. See more languages: http://www.sergas.es/aviso_confidencialidad.htm
Hi, Sergiu! -- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es ________________________________________ From: [email protected] [[email protected]] On Behalf Of Sergiu Dumitriu [[email protected]] Sent: 13 February 2012 18:59 To: XWiki Users Subject: Re: [xwiki-users] security breach? On 02/13/2012 11:47 AM, [email protected] wrote:
Hi!
Under certain circunstances I'm not able to identify, even though a given I've no access to a given XWiki page, it is possible to access/download their attached files provided you know their URLs.
Please, could you figure out why this could happen? Thanks!
This should not happen from XWiki. Do you have any other proxies, frontends, or even a simple browser cache that is serving the file without asking XWiki for it?
The only explanation is a cache... but how a robot is able to index a PDF this way? I'm not able to reproduce it though... Please, could access the file listed as freely accessible in my previous message in this thread? Thanks!!!
This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451.
Greetings!
Ricardo
-- Sergiu Dumitriu http://purl.org/net/sergiu/ _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada. See more languages: http://www.sergas.es/aviso_confidencialidad.htm
On 02/13/2012 05:08 PM, [email protected] wrote:
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es ________________________________________ From: [email protected] [[email protected]] On Behalf Of Vincent Massol [[email protected]] Sent: 13 February 2012 18:09 To: XWiki Users Subject: Re: [xwiki-users] security breach?
On Feb 13, 2012, at 5:47 PM,<[email protected]> <[email protected]> wrote:
Hi!
Under certain circunstances I'm not able to identify, even though a given I've no access to a given XWiki page, it is possible to access/download their attached files provided you know their URLs.
Please, could you figure out why this could happen? Thanks!
Can you reproduce it? And if so, can we get access to a page showing the symptom or could you tell us how to reproduce?
Without more details it's going to be hard to figure out.
Thanks -Vincent
Hi, Vincent,
No, I've not been able to reproduce it yet. The issue arose sometime ago when an user claims that a paper of him, ready to be published by a first line magazine, appears indexed by Google even though it was theoretically protected within a XWiki installation. Please, check this:
http://atrium_km.idisantiago.es/bin/Project/Transcan2012 - you must be required to identify
http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/S28BW.numb... - at least from my browsers here, this image is freely accessible... some cache related issue?
http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/idisMotto.... - you are required to identiy; this file is attached to the same page!
I'm prompted for a login for both images. Try to clear your browser cache and see if you can still see the image. Are you sure that Google got the paper from that page? Are you sure it didn't get it at a time when the document was freely accessible?
Vincent, do you remember your account at EPEC Network? Atrium_KM is now the controller of the whole farm. I've chaged eBioTIC. look and feel to fit the image requirements of this new initiative. I do hope I'll be able to get it bak ASAP! I've created a new account for you there and I'm sending you a new password.
Thanks!
Ricardo
This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451.
Greetings!
Ricardo
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es
Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada.
Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada.
See more languages: http://www.sergas.es/aviso_confidencialidad.htm
-- Sergiu Dumitriu http://purl.org/net/sergiu/
Hi! ________________________________________ From: [email protected] [[email protected]] On Behalf Of Paul Libbrecht [[email protected]] Sent: 13 February 2012 20:41 To: XWiki Users Subject: Re: [xwiki-users] security breach?
Ricardo,
are you by any chance on a Mac? If yes go and download OmniWeb and open the error-console. That console shows all the details of the http traffic. This is generally where I catch Cookie mismatches which could well be your error.
Firebug can, otherwise, help this as well. Be sure to use the persistent flag.
paul
Yeap, here I'm! And Omniweb (5.11) is frequently used here. Please, what must I look for in Error Log? I'm afraid I'm lost in the whole message stream in this console! So, the problem arises only in my browser? Could you access the file I see as freely available from here and documented in a previous message in this same thread? Thanks for your help!! Le 13 févr. 2012 à 17:47, [email protected] a écrit :
Hi!
Under certain circunstances I'm not able to identify, even though a given I've no access to a given XWiki page, it is possible to access/download their attached files provided you know their URLs.
Please, could you figure out why this could happen? Thanks!
This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451.
Greetings!
Ricardo
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es
Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada.
Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada.
See more languages: http://www.sergas.es/aviso_confidencialidad.htm _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada. See more languages: http://www.sergas.es/aviso_confidencialidad.htm
Le 13 févr. 2012 à 23:31, [email protected] a écrit :
are you by any chance on a Mac? If yes go and download OmniWeb and open the error-console. That console shows all the details of the http traffic. This is generally where I catch Cookie mismatches which could well be your error. Yeap, here I'm! And Omniweb (5.11) is frequently used here. Please, what must I look for in Error Log?
Search for the Set-Cookie header.
I'm afraid I'm lost in the whole message stream in this console!
Sure, especially if you activate the detailed login.
So, the problem arises only in my browser? Could you access the file I see as freely available from here and documented in a previous message in this same thread?
They all require login by me. Have you cleared the cookies? paul
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es ________________________________________ From: [email protected] [[email protected]] On Behalf Of Sergiu Dumitriu [[email protected]] Sent: 13 February 2012 23:22 To: XWiki Users Subject: Re: [xwiki-users] security breach? On 02/13/2012 05:08 PM, [email protected] wrote:
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es ________________________________________ From: [email protected] [[email protected]] On Behalf Of Vincent Massol [[email protected]] Sent: 13 February 2012 18:09 To: XWiki Users Subject: Re: [xwiki-users] security breach?
On Feb 13, 2012, at 5:47 PM,<[email protected]> <[email protected]> wrote:
Hi!
Under certain circunstances I'm not able to identify, even though a given I've no access to a given XWiki page, it is possible to access/download their attached files provided you know their URLs.
Please, could you figure out why this could happen? Thanks!
Can you reproduce it? And if so, can we get access to a page showing the symptom or could you tell us how to reproduce?
Without more details it's going to be hard to figure out.
Thanks -Vincent
Hi, Vincent,
No, I've not been able to reproduce it yet. The issue arose sometime ago when an user claims that a paper of him, ready to be published by a first line magazine, appears indexed by Google even though it was theoretically protected within a XWiki installation. Please, check this:
http://atrium_km.idisantiago.es/bin/Project/Transcan2012 - you must be required to identify
http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/S28BW.numb... - at least from my browsers here, this image is freely accessible... some cache related issue?
http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/idisMotto.... - you are required to identiy; this file is attached to the same page!
I'm prompted for a login for both images. Try to clear your browser cache and see if you can still see the image.
Even clearing the cache the image keep being accessible... it seems them most as a browser related issue instead of an XWiki issue!! If you are prompted for a password in both cases, it is working as expected.
Are you sure that Google got the paper from that page? Are you sure it didn't get it at a time when the document was freely accessible?
Google points to the location of the file on our server. But I can't be absolutely sure about the fact of had restricted access to the attached file at time 0. This remembers me an old proposal of having a switch that allow than in a given installation access to a new page/space is restricted to the creator until he/she explicitely grant access to another user or group of users. This could be useful when working in an environment where security is critical and an error like the one it seems I committed exposes contents not intented to free access by default. Please, what do you think? Thanks!!
Vincent, do you remember your account at EPEC Network? Atrium_KM is now the controller of the whole farm. I've chaged eBioTIC. look and feel to fit the image requirements of this new initiative. I do hope I'll be able to get it bak ASAP! I've created a new account for you there and I'm sending you a new password.
Thanks!
Ricardo
This is causing me some serious problems here. Running XWiki Enterprise 2.4.30451.
Greetings!
Ricardo
-- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es
Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada.
Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada.
See more languages: http://www.sergas.es/aviso_confidencialidad.htm
-- Sergiu Dumitriu http://purl.org/net/sergiu/ _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada. See more languages: http://www.sergas.es/aviso_confidencialidad.htm
Hi! ________________________________________ From: [email protected] [[email protected]] On Behalf Of Paul Libbrecht [[email protected]] Sent: 13 February 2012 23:34 To: XWiki Users Subject: Re: [xwiki-users] security breach? Le 13 févr. 2012 à 23:31, [email protected] a écrit :
are you by any chance on a Mac? If yes go and download OmniWeb and open the error-console. That console shows all the details of the http traffic. This is generally where I catch Cookie mismatches which could well be your error. Yeap, here I'm! And Omniweb (5.11) is frequently used here. Please, what must I look for in Error Log?
Search for the Set-Cookie header.
OK. I'm afraid I've to read some more documentation about cookies before being able to understand what is an error and what simply a record of regular activity!
I'm afraid I'm lost in the whole message stream in this console!
Sure, especially if you activate the detailed login.
So, the problem arises only in my browser? Could you access the file I see as freely available from here and documented in a previous message in this same thread?
They all require login by me. Have you cleared the cookies?
paul
Ominweb is working OK for me now. Firefox, Safari and Chrome are failing to show the correct behaviour even though I've cleared cache and removed cookies... there is something I'm not able to understand here. What seems clear is that is not a XWiki related issue! What is great... Could XWiki do anything better to ease the way browsers behave? Thanks! Ricardo -- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada. See more languages: http://www.sergas.es/aviso_confidencialidad.htm
http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/S28BW.numb... - at least from my browsers here, this image is freely accessible...
From my tests, auth is required.
Even clearing the cache the image keep being accessible... it seems them most as a browser related issue instead of an XWiki issue!!
Is there a specific proxy, cache, reverse-proxy, load-balancer or SSL accelerator between you and the website ? Nicolas
Thanks, Nicolas. -- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es ________________________________________ From: [email protected] [[email protected]] On Behalf Of Nicolas Grégoire [[email protected]] Sent: 14 February 2012 00:00 To: XWiki Users Subject: Re: [xwiki-users] security breach?
http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/S28BW.numb... - at least from my browsers here, this image is freely accessible...
From my tests, auth is required.
Even clearing the cache the image keep being accessible... it seems them most as a browser related issue instead of an XWiki issue!!
Is there a specific proxy, cache, reverse-proxy, load-balancer or SSL accelerator between you and the website ?
Nicolas
Nope, to the best of my knowledge. It seems to me that only a misfunctioning of my local browsers/cache can explain this behavior. Thanks for your help! _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada. See more languages: http://www.sergas.es/aviso_confidencialidad.htm
Le 14 févr. 2012 à 00:09, [email protected] a écrit :
http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/S28BW.numb... - at least from my browsers here, this image is freely accessible...
Is there a specific proxy, cache, reverse-proxy, load-balancer or SSL accelerator between you and the website ?
Nope, to the best of my knowledge. It seems to me that only a misfunctioning of my local browsers/cache can explain this behavior.
Ricardo, not having a proxy would mean that you'd run the servlet container (tomcat, jetty, ...) as root or at least start it as such. This is rarely done. paul
Thanks Paul, _______________ From: [email protected] [[email protected]] On Behalf Of Paul Libbrecht [[email protected]] Sent: 14 February 2012 09:32 To: XWiki Users Subject: Re: [xwiki-users] security breach? Le 14 févr. 2012 à 00:09, [email protected] a écrit :
http://atrium_km.idisantiago.es/bin/download/Project/Transcan2012/S28BW.numb... - at least from my browsers here, this image is freely accessible...
Is there a specific proxy, cache, reverse-proxy, load-balancer or SSL accelerator between you and the website ?
Nope, to the best of my knowledge. It seems to me that only a misfunctioning of my local browsers/cache can explain this behavior.
Ricardo,
not having a proxy would mean that you'd run the servlet container (tomcat, jetty, ...) as root or at least start it as such. This is rarely done.
paul
You are right: this way of doing things is not included in any best practices guide. It has been a heritage of old times I've been not able to change yet. I do hope I'll be able to get a better environment to run XWiki in the near future. And apologize for any noise I can introduce in the list by doing things this way. Thank you so much for your comments, Ricardo -- Ricardo Rodríguez Research Management and Promotion Technician Health Research Institute of Santiago de Compostela (IDIS) http://www.idisantiago.es _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users Nota: A información contida nesta mensaxe e os seus posibles documentos adxuntos é privada e confidencial e está dirixida únicamente ó seu destinatario/a. Se vostede non é o/a destinatario/a orixinal desta mensaxe, por favor elimínea. A distribución ou copia desta mensaxe non está autorizada. Nota: La información contenida en este mensaje y sus posibles documentos adjuntos es privada y confidencial y está dirigida únicamente a su destinatario/a. Si usted no es el/la destinatario/a original de este mensaje, por favor elimínelo. La distribución o copia de este mensaje no está autorizada. See more languages: http://www.sergas.es/aviso_confidencialidad.htm
participants (5)
-
Nicolas Grégoire -
Paul Libbrecht -
Ricardo.Julio.Rodriguez.Fernandez@sergas.es -
Sergiu Dumitriu -
Vincent Massol