Development

4th Dimension Standard Edition | 4D Developer Edition | 4D Server Standard Edition | 4D Server Developer Edition | 4D Web 2.0 Pack

Deployment

4D Deployment Options | 4D Runtime Volume | 4D Server Application | 4D Web Server 4D Web Services Server

Solution Accelerators

4D Meetings

Workaround for Potential Security Vulnerability on HFS+ Volumes

This Admin Modify Rule will provide a workaround to block any potential vulnerability in HFS+ volumes that would allow an attacker to access a files data fork or return the file listings from a web server running on Mac OS X. Thanks to Fletcher Sandbeck of Blue World for creating this rule.

Open the 4D WebSTAR Admin Client and access DefaultSite.
Open the Web Rewrite > Admin Modify Rules section.
Create a new rule with the following properties:
URL ends with "data" OR
URL ends with "rsrc" OR
URL contains ".ds_store"
Change root path to ""
Change URL path to "/"
Continue with Rule "stop"
Move the rule so it is first in the list and check the "Preprocess" checkbox.
Click "Save" to save the rule.

This Admin Modify Rule should apply globally and protect every site
on the WebSTAR server.

Extra

4D 2004 Information | Example applications built with 4D products | Comparison Guide | Tech Tips | Buy Now

Minimum System

Mac OS X
Mac OS X compliant machine (G4 or newer recommended)
Mac OS 10.2.x or later
800 X 600 monitor resolution
128 MB total RAM, as required by Mac OS X (256 MB or more recommended).
50 MB free hard disk space
TCP/IP connectivity (DSL or faster Internet connection recommended)

When the solution matters

International Sites

Product Lines

Solutions

Corporate

Support

Purchase