Comments for Out with the new, in with the old http://www.gryman.com The views of an American Sat, 05 Jun 2010 00:24:54 +0000 hourly 1 http://wordpress.org/?v=3.0 Comment on Website Security Flaw for Craig Hunter by Greg http://www.gryman.com/2010/06/website-security-flaw-for-craig-hunter/comment-page-1/#comment-5 Greg Sat, 05 Jun 2010 00:24:54 +0000 http://www.gryman.com/?p=54#comment-5 Leaving an editor such as fckeditor open without any protection is a security flaw that could be exploited. Yes, they could put an index file there to keep eyes away from what's there, but anyone who knows the directory and file structure could still find the files and exploit them. The correct thing to do is to setup some form of password protection keeping the public away from the editor. This really is very basic web knowledge that anyone and everyone should know when it comes to websites, especially high profile sites. It does appear to be fixed now, which is good, and likely took them a whole two seconds to throw up a .htaccess file limiting access. Leaving an editor such as fckeditor open without any protection is a security flaw that could be exploited. Yes, they could put an index file there to keep eyes away from what’s there, but anyone who knows the directory and file structure could still find the files and exploit them. The correct thing to do is to setup some form of password protection keeping the public away from the editor. This really is very basic web knowledge that anyone and everyone should know when it comes to websites, especially high profile sites.

It does appear to be fixed now, which is good, and likely took them a whole two seconds to throw up a .htaccess file limiting access.

]]> Comment on Website Security Flaw for Craig Hunter by what http://www.gryman.com/2010/06/website-security-flaw-for-craig-hunter/comment-page-1/#comment-4 what Sat, 05 Jun 2010 00:00:29 +0000 http://www.gryman.com/?p=54#comment-4 I don't see this? Looks they already fixed the problem(?), seems they're pretty on the ball to me. And from what I know of web design.. this isn't a security flaw at all. That's a standard function for the web server, they probably could have thrown an index file in there, but there was nothing particularly deadly by showing a fckeditor directory. Please correct me if I'm wrong? I'm all for bashing a candidate, but usually I try to make it about something valid, and that they actually did wrong. Just saying my $0.02 I don’t see this? Looks they already fixed the problem(?), seems they’re pretty on the ball to me.

And from what I know of web design.. this isn’t a security flaw at all. That’s a standard function for the web server, they probably could have thrown an index file in there, but there was nothing particularly deadly by showing a fckeditor directory. Please correct me if I’m wrong?

I’m all for bashing a candidate, but usually I try to make it about something valid, and that they actually did wrong. Just saying my $0.02

]]> Comment on If you don’t like guns… Don’t get one! by James Tippins http://www.gryman.com/2009/10/if-you-dont-like-guns-dont-get-one/comment-page-1/#comment-2 James Tippins Sun, 04 Oct 2009 05:32:55 +0000 http://www.gryman.com/?p=36#comment-2 I have to say Greg, this is a superb video from many angles, I'm going to snag it and play it for some folks! I have to say Greg, this is a superb video from many angles, I’m going to snag it and play it for some folks!

]]>