Project

General

Profile

Bug #478

Security hole in Metacat for data file.

Added by Jing Tao over 17 years ago. Updated over 17 years ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Category:
metacat
Target version:
Start date:
04/30/2002
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
478

Description

In metacat, data files are put into the data directory in the same directory
as the servlet context. So one can do a directory listing of all of the data
that metacat is storing.we need to move that directory somewhere not web
accessible.

History

#1 Updated by Jing Tao over 17 years ago

In build.xml, metacat administrator can specify a absolute path for storing
data file. The property name is datafilepath. During the installation, Metacat
can automaticlly create this directory.

Here is the testing:

Using morpho, new data file can be create in data file directroy. The the data
file can be access by read and export.

The data file can be force and delt T replication too.

An old data file was move to the new data directory. The file can be read and
export too.

#2 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 478

Also available in: Atom PDF