DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.
Prev
Next

Where To Fix An Alert

Forums > Administration and Configuration
Sort:
You are not authorized to post a reply.
Page 2 of 2 << < 12





Timo Breumelhof (40F)

Veteran Member



Posts:1096
Veteran Member




3/2/2020 3:46 AM

    You mean setting these rights or accessing other sites?

    40FINGERS Web Solutions · Style Helper · DDR Menu Demo Skins · SEO Redirect





    Geert

    New Around Here



    Posts:3
    New Around Here




    3/2/2020 4:55 AM

      I have the same trouble i mean security analyzer giving that call.
      The rights setting as we see sould be ok but security analyzer say that they are not ok on a 2016 windows server.






      Timo Breumelhof (40F)

      Veteran Member



      Posts:1096
      Veteran Member




      3/2/2020 5:18 AM

        AFAIR the Security analyzer uses a .NET function to find out what file rights it has, but it does not actually check if it can read/write files.
        I noticed that sometimes there's a difference between theory and practice.
        I have not done any actual file read/write tests on windows 2016 TBH.

        40FINGERS Web Solutions · Style Helper · DDR Menu Demo Skins · SEO Redirect





        Geert

        New Around Here



        Posts:3
        New Around Here




        3/2/2020 5:34 AM

          thanks for explaining






          Noah Bast

          New Around Here



          Posts:4
          New Around Here




          7/6/2020 12:18 PM

            Timo, your post was extremely useful and it successfully cleared up the directory traversal vulnerabilities on our 2012 R2 servers, but we have encountered an unexpected side effect.

             

            Site admins can no longer upload logo and favicons.  File management via the file browser or HTML editor's browse functionality works fine.  It is just the files that are uploaded via the Site Settings page that are not working after we removed the Users group from file permissions.

             

            Do you have any insight regarding this issue?

             






            Mark Buelsing

            Growing Member



            Posts:80
            Growing Member




            7/6/2020 12:35 PM
              Noah, I didn't see which DNNversion you are running, but DNN 9.6.1 and one or two before there have a known issue with the logo and the favicon just as you describe. I looked into it last week. From what I could tell it is ready to be fixed in the next interim release. For work arounds, I have two of them. 1. for the logo, I had some success by uploading the logo using site assets and then using the site settings, in the logo section to "browse file system" for it. Choose it and click "Enter" to save.
              2. Although generally not recommended, I found the record in the database where the filename of the site logo is stored and typed in the path and filename of my logo. If you want to try this, I'll go back and figure out which table for you to get into for that for you.





              Noah Bast

              New Around Here



              Posts:4
              New Around Here




              7/6/2020 12:39 PM

                It never occurred to me that this might be a DNN issue and not related to the file security changes we had recently made.  Those files are typically updated rarely, so we hadn't noticed the problem.

                Thanks!






                Timo Breumelhof (40F)

                Veteran Member



                Posts:1096
                Veteran Member




                7/6/2020 2:15 PM
                  Posted By Noah Bast on 06 Jul 2020 01:39 PM

                  It never occurred to me that this might be a DNN issue and not related to the file security changes we had recently made.  Those files are typically updated rarely, so we hadn't noticed the problem.

                  Thanks!

                  Ok, if in the end it is related to the NTFS security, please let me know..

                   

                  40FINGERS Web Solutions · Style Helper · DDR Menu Demo Skins · SEO Redirect





                  Daniel Valadas

                  Advanced Member



                  Posts:140
                  Advanced Member




                  7/7/2020 8:01 PM
                    For the upload issues, this should now be fixed in 9.6.2 which just got released here: https://github.com/dnnsof.../releases/tag/v9.6.2
                    You are not authorized to post a reply.
                    Page 2 of 2 << < 12

                    These Forums are dedicated to the discussion of DNN Platform.

                    For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

                    1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
                    2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
                    3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
                    4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
                    5. No Flaming or Trolling.
                    6. No Profanity, Racism, or Prejudice.
                    7. Site Moderators have the final word on approving / removing a thread or post or comment.
                    8. English language posting only, please.

                    Would you like to help us?

                    Awesome! Simply post in the forums using the link below and we'll get you started.

                    Get Involved