DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.
  • Search Forums
    Advanced Search
Prev
Next
Forums Using DNN Platform Administration and Configuration

Where To Fix An Alert

 18 Replies
 3 Subscribed to this topic
 40 Subscribed to this forum
Sort:
Page 2 of 2 << < 12
Author
Messages
Timo Breumelhof.
Senior Member
Posts: 1322
Senior Member
3 Helpful Replier
Helpful Replier
Thanks for being such a helpful replier!
Lifesaver
Lifesaver
You're Life Saver!
New Poster
New Poster
Congrats on posting!
3 Engaged Reader
Engaged Reader
You are an engaged reader!
3/2/2020 4:46 AM

You mean setting these rights or accessing other sites?

Geert
New Around Here
Posts: 3
New Around Here
3/2/2020 5:55 AM

I have the same trouble i mean security analyzer giving that call.
The rights setting as we see sould be ok but security analyzer say that they are not ok on a 2016 windows server.

Timo Breumelhof.
Senior Member
Posts: 1322
Senior Member
3 Helpful Replier
Helpful Replier
Thanks for being such a helpful replier!
Lifesaver
Lifesaver
You're Life Saver!
New Poster
New Poster
Congrats on posting!
3 Engaged Reader
Engaged Reader
You are an engaged reader!
3/2/2020 6:18 AM

AFAIR the Security analyzer uses a .NET function to find out what file rights it has, but it does not actually check if it can read/write files.
I noticed that sometimes there's a difference between theory and practice.
I have not done any actual file read/write tests on windows 2016 TBH.

Geert
New Around Here
Posts: 3
New Around Here
3/2/2020 6:34 AM

thanks for explaining

Noah Bast
New Around Here
Posts: 4
New Around Here
7/6/2020 1:18 PM

Timo, your post was extremely useful and it successfully cleared up the directory traversal vulnerabilities on our 2012 R2 servers, but we have encountered an unexpected side effect.

 

Site admins can no longer upload logo and favicons.  File management via the file browser or HTML editor's browse functionality works fine.  It is just the files that are uploaded via the Site Settings page that are not working after we removed the Users group from file permissions.

 

Do you have any insight regarding this issue?

 

Mark Buelsing
Growing Member
Posts: 80
Growing Member
7/6/2020 1:35 PM
Noah, I didn't see which DNNversion you are running, but DNN 9.6.1 and one or two before there have a known issue with the logo and the favicon just as you describe. I looked into it last week. From what I could tell it is ready to be fixed in the next interim release. For work arounds, I have two of them. 1. for the logo, I had some success by uploading the logo using site assets and then using the site settings, in the logo section to "browse file system" for it. Choose it and click "Enter" to save.
2. Although generally not recommended, I found the record in the database where the filename of the site logo is stored and typed in the path and filename of my logo. If you want to try this, I'll go back and figure out which table for you to get into for that for you.
Noah Bast
New Around Here
Posts: 4
New Around Here
7/6/2020 1:39 PM

It never occurred to me that this might be a DNN issue and not related to the file security changes we had recently made.  Those files are typically updated rarely, so we hadn't noticed the problem.

Thanks!

Timo Breumelhof.
Senior Member
Posts: 1322
Senior Member
3 Helpful Replier
Helpful Replier
Thanks for being such a helpful replier!
Lifesaver
Lifesaver
You're Life Saver!
New Poster
New Poster
Congrats on posting!
3 Engaged Reader
Engaged Reader
You are an engaged reader!
7/6/2020 3:15 PM
Posted By Noah Bast on 06 Jul 2020 01:39 PM

It never occurred to me that this might be a DNN issue and not related to the file security changes we had recently made.  Those files are typically updated rarely, so we hadn't noticed the problem.

Thanks!

Ok, if in the end it is related to the NTFS security, please let me know..

 

Daniel Valadas
Veteran Member
Posts: 349
Veteran Member
3 Helpful Replier
Helpful Replier
Thanks for being such a helpful replier!
MVP
MVP
You're an MVP!
Engaged Reader
Engaged Reader
You are an engaged reader!
Avid Reader
Avid Reader
Avid Reader art thou!
7/7/2020 9:01 PM
For the upload issues, this should now be fixed in 9.6.2 which just got released here: https://github.com/dnnsof.../releases/tag/v9.6.2
Page 2 of 2 << < 12

These Forums are for the discussion of the open source CMS DNN platform and ecosystem.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
  2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
  3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  5. No Flaming or Trolling.
  6. No Profanity, Racism, or Prejudice.
  7. Site Moderators have the final word on approving / removing a thread or post or comment.
  8. English language posting only, please.

Would you like to help us?

Awesome! Simply post in the forums using the link below and we'll get you started.

Get Involved