How to restrict access to NDS information through the NetWare Enterprise Web Server

  • 10064452
  • NOVL56838
  • 27-Aug-2001
  • 12-Dec-2002

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.

Goal

How to restrict access to NDS information through the NetWare Enterprise Web Server

Addressing Concerns from Nomad Mobile Research Centre regarding NDSOBJ.NLM

Fact

Novell NetWare 5.1

NetWare Enterprise Web Server

Symptom

Access to NDS and Server information may be obtained from the NetWare Enterprise Web Server by hitting the following URL: http:///lcgi/ndsobj.nlm">http://<server>/lcgi/ndsobj.nlm

Access to NDS and Server information may be obtained from the NetWare Enterprise Web Server by hitting the following URL: http://webserver/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse

Access to NDS and Server information may be obtained from the NetWare Enterprise Web Server by hitting the following URL: http://webserver/NetBasic/websinfo.bas 
 

Access to NDS and Server information may be obtained from the NetWare Enterprise Web Server by hitting the following URL: http://webserver/Perl/samples/ndslogin.pl 
 

Access to NDS and Server information may be obtained from the NetWare Enterprise Web Server by hitting the following URL: http://webserver/Perl/samples/volscgi.pl 
 

Access to NDS and Server information may be obtained from the NetWare Enterprise Web Server by hitting the following URL: http://webserver/Perl/samples/lancgi.pl 

Access to NDS and Server information may be obtained from the NetWare Enterprise Web Server by hitting the following URL: http://webserver/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/test.jse

Access to NDS and Server information may be obtained from the NetWare Enterprise Web Server by hitting the following URL: NetWare 5.1 and NetWare 6.0:
http://webserver/Perl/samples/env.pl

Cause

These files were added mainly as a demonstration of web server and eDirectory functionality and as such, these files may be safely removed.

Fix

To make sure that secure information isn't released through the above listed files, they may be safely removed by doing the following:

Go to the SYS:/NOVONYX/SUITESPOT/LCGI-BIN directory and deleting NDSOBJ.NLM file.  

Go to the \Novonyx\suitespot\docs\sewse\misc directory and delete allfield.jse

Go to the \NETBASIC\WEB directory and delete websinfo.bas

Go to the \Novonyx\suitespot\docs\perlroot\samples directory and delete ndslogin.pl

Go to the \Novonyx\suitespot\docs\perlroot\samples\ directory and delete volscgi.pl

Go to the \Novonyx\suitespot\docs\perlroot\samples directory and delete lancgi.pl

Go to the \Novonyx\suitespot\docs\sewse\misc directory and delete test.jse

Go to the \Novonyx\suitespot\docs\perlroot\samples directory and delete env.pl

The above mentioned files will also be removed as part of future support pack installations.