Bug #478
closed
Security hole in Metacat for data file.
Added by Jing Tao about 22 years ago.
Updated almost 22 years ago.
Description
In metacat, data files are put into the data directory in the same directory
as the servlet context. So one can do a directory listing of all of the data
that metacat is storing.we need to move that directory somewhere not web
accessible.
In build.xml, metacat administrator can specify a absolute path for storing
data file. The property name is datafilepath. During the installation, Metacat
can automaticlly create this directory.
Here is the testing:
Using morpho, new data file can be create in data file directroy. The the data
file can be access by read and export.
The data file can be force and delt T replication too.
An old data file was move to the new data directory. The file can be read and
export too.
Original Bugzilla ID was 478
Also available in: Atom
PDF