Re: [mv] Minimate causing minivend server to crash

[Mike Heins <mikeh@minivend.com>]

******    message to minivend-users from Mike Heins <mikeh@minivend.com>     ******

Quoting Cameron Prince (PRINCECB@novachem.com):
> 
> Be sure your TCP Host variable is defined.
> 
> I had the same trouble and interestingly enough, I found that I could access
> the catalog using MiniMate without crashing the catalog once I had defined
> TCP HOST as the machine I was connecting from.
> 
> BUT! If I disconnected from my ISP and reconnected I got I new ip address.
> If I accessed the MiniMate again it would crash MiniVend.
> 
> So that means if anyone scans your box and finds MiniVend listening on a
> port, they can possibly crash your catalog by trying to access it with their
> MiniMate.
> 
> TALK ABOUT A SECURITY PROBLEM.
> 
> I set the port to nothing and run minivend in UNIX mode only and it solved
> the problem.
> 
> I can still use MiniMate by the following url:
> 

Can you give me versions on this? I was aware that there was a problem
with TcpHost in versions 3.15 through 4.02, but it should be fixed
now.

AFAIK, it doesn't affect any Minivend in the typical installation,
though if you set it to a value that isn't correct it is possible to
cause the catalog to give a 500 server error on every access. The key
is to set it only to hosts that are going to be accessing via TLINK;
it is not for setting which browser should access it. The internal HTTP
server doesn't use the TcpHost directive, as is clearly or not so clearly
stated in the documentation.

-- 
Internet Robotics, 131 Willow Lane, Floor 2, Oxford, OH  45056
phone +1.513.523.7621 fax 7501 <mikeh@minivend.com>

Be patient. God isn't finished with me yet.  -- unknown
-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list