Project

General

Profile

Actions
Copy link

Bug #478

closed

Security hole in Metacat for data file.

Added by Jing Tao almost 22 years ago. Updated almost 22 years ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Jing Tao
Category:
metacat
Target version:
1.2
Start date:
04/30/2002
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
478

Description

In metacat, data files are put into the data directory in the same directory
as the servlet context. So one can do a directory listing of all of the data
that metacat is storing.we need to move that directory somewhere not web
accessible.

Actions
Copy link
 #1

Updated by Jing Tao almost 22 years ago

In build.xml, metacat administrator can specify a absolute path for storing
data file. The property name is datafilepath. During the installation, Metacat
can automaticlly create this directory.

Here is the testing:

Using morpho, new data file can be create in data file directroy. The the data
file can be access by read and export.

The data file can be force and delt T replication too.

An old data file was move to the new data directory. The file can be read and
export too.

Actions
Copy link
 #2

Updated by Redmine Admin about 11 years ago

Original Bugzilla ID was 478

Actions
Copy link

Also available in: Atom PDF