Olympus-OM

Re: [OM] Scotland 2014

Subject: Re: [OM] Scotland 2014
From: Scott Gomez <sgomez.baja@xxxxxxxxx>
Date: Sat, 22 Nov 2014 09:07:43 -0800
"Please explain why the simple list would be any more of a risk than an
html web page? It's all part of /Pub_HTML/. Complete noob here but anyone
with ftp software or any web crawler is free to poke around right? FWIW I
wouldn't know how to change the "up" button on just the first page. Nothing
embarrassing to see there anyway."

It all depends on how well installed and configured the web server is,
Mike. So security risk can be anywhere from "none" to "huge". Assuming you
set up your own web server, then if you've made sure to follow best
practices for that installation, and access to that folder is deliberate,
there's probably little to no risk. On the other hand, if access to that
folder/directory is a by-product of an automated install of your album
software, then risk could be quite high, depending on what server, what
permissions settings on folders and files, etc. At the very least, that
sort of behavior on the server may make someone with malicious intent more
apt to probe the server a bit more thoroughly in hope of finding a
vulnerability.

My warning was meant as a simple heads-up, as most sites take pains to
avoid exposure of file-level views of the system any more. You may find
that placing a simple HTML page (probably named something like "index.htm"
or "index.html") in that folder is sufficient to get the album software to
serve up a page there in place of the folder/directory contents. Or it may
be a setting in the album software that requires setting a specific folder
as "root" for the software.

I always figure people would rather know when they ought to be aware of a
potential vulnerability. That way they are at least able to protect
themselves from inadvertent errors or omissions.

On Fri, Nov 21, 2014 at 1:32 PM, Mike Lazzari <watershed@xxxxxxxxxxxxxxx>
wrote:

>> Re: the album software, I had zero pop-ups while looking through it, and I
>> went photo-to-photo through the entirety. Browser was the latest Google
>> Chrome on an Asus Chromebook, but I've got both Ad Block Plus and Ghostery
>> running, so perhaps they're the reason. I did note that pressing the "up"
>> arrow when at the main portion of the album, one is returned to a text list
>> of the parent directory. I do not know if this is intentional or not, but
>> would caution that if not intentional, it could pose a security risk for
>> your web site.
>>
> Thanks for the comments Scott. I unchecked an overlooked box in the
> 'settings' window which should have disabled the pop-ups so that hopefully
> is cured.
>
> Please explain why the simple list would be any more of a risk than an
> html web page? It's all part of /Pub_HTML/. Complete noob here but anyone
> with ftp software or any web crawler is free to poke around right? FWIW I
> wouldn't know how to change the "up" button on just the first page. Nothing
> embarrassing to see there anyway.
>
> I set the photos to automatically resize which works (a bit slowly) on my
> ASUS win8 tablet and on laptops but I can't figure out how to get it to
> right click and open full-sized. Some of the panos have a lot of detail for
> those who might be interested. Perhaps I'll have to disable the clickable
> on-photo navigation. OK I did it. Now you'll have to use the buttons for
> fore and aft navigation. Is that too inconvenient?
>
>
> Mike
>
-- 
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
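
An added example, not part of the original thread or of the album software: a small Python audit a site owner can run against a local copy of the web folder to find directories that have no index file, which are the ones that show a raw file listing when the server's automatic directory index is enabled. The index filenames follow Scott's message; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Index filenames named in the message above. A given server may be configured
# with a different list, so this tuple is an assumption to adjust per site.
INDEX_NAMES = ("index.html", "index.htm")

def dirs_without_index(web_root, index_names=INDEX_NAMES):
    """Return sorted relative paths of directories under web_root that hold no
    index file and would show a file listing if auto-indexing is enabled."""
    wanted = set(index_names)
    exposed = []
    for current, subdirs, files in os.walk(web_root):
        # Hidden directories (.git, .cache) are skipped here, not audited.
        subdirs[:] = [d for d in subdirs if not d.startswith(".")]
        if not wanted.intersection(files):
            exposed.append(os.path.relpath(current, web_root))
    return sorted(exposed)

def add_placeholder_index(web_root, rel_dir, name="index.html"):
    """Write a minimal index page; mode "x" refuses to overwrite a real one."""
    path = os.path.join(web_root, rel_dir, name)
    with open(path, "x", encoding="utf-8") as fh:
        fh.write("<!doctype html><title>Index</title>\n")
    return path

def build_sample_root():
    """Constructed sample tree standing in for a site's public HTML folder."""
    root = tempfile.mkdtemp(prefix="webroot_")
    for rel in ("albums/scotland2014/thumbs", "scripts"):
        os.makedirs(os.path.join(root, *rel.split("/")))
    for rel in ("index.html", "albums/scotland2014/index.htm",
                "albums/scotland2014/thumbs/p1.jpg", "scripts/resize.cfg"):
        open(os.path.join(root, *rel.split("/")), "w").close()
    return root

if __name__ == "__main__":
    root = build_sample_root()
    for rel in dirs_without_index(root):
        print("no index file, listing possible:", rel)
```

A placeholder index only hides the listing; files in the folder remain reachable by anyone who knows or guesses their names. Turning off automatic directory indexes in the server configuration covers every folder at once.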
