[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
RE: [mv] Minimate causing minivend server to crash
****** message to minivend-users from Cameron Prince <PRINCECB@novachem.com> ******
Hi Mike,
I had this problem with v3.14-5. I am running it for my live server due to
the problem with using forms for adding products to the basket it v4.03.
I am migrating my catalogs to v4.04 now with MySQL and I have not tested
this issue as I am still running in UNIX mode...
I will try it and let you know what I find.
Thanks for you efforts,
Cameron
-----Original Message-----
From: owner-minivend-users@minivend.com
[mailto:owner-minivend-users@minivend.com] On Behalf Of Mike Heins
Sent: Monday, April 24, 2000 7:37 PM
To: minivend-users@minivend.com
Subject: Re: [mv] Minimate causing minivend server to crash
****** message to minivend-users from Mike Heins <mikeh@minivend.com>
******
Quoting Cameron Prince (PRINCECB@novachem.com):
>
> Be sure your TCP Host variable is defined.
>
> I had the same trouble and interestingly enough, I found that I could
access
> the catalog using MiniMate without crashing the catalog once I had defined
> TCP HOST as the machine I was connecting from.
>
> BUT! If I disconnected from my ISP and reconnected I got I new ip address.
> If I accessed the MiniMate again it would crash MiniVend.
>
> So that means if anyone scans your box and finds MiniVend listening on a
> port, they can possibly crash your catalog by trying to access it with
their
> MiniMate.
>
> TALK ABOUT A SECURITY PROBLEM.
>
> I set the port to nothing and run minivend in UNIX mode only and it solved
> the problem.
>
> I can still use MiniMate by the following url:
>
Can you give me versions on this? I was aware that there was a problem
with TcpHost in versions 3.15 through 4.02, but it should be fixed
now.
AFAIK, it doesn't affect any Minivend in the typical installation,
though if you set it to a value that isn't correct it is possible to
cause the catalog to give a 500 server error on every access. The key
is to set it only to hosts that are going to be accessing via TLINK;
it is not for setting which browser should access it. The internal HTTP
server doesn't use the TcpHost directive, as is clearly or not so clearly
stated in the documentation.
--
Internet Robotics, 131 Willow Lane, Floor 2, Oxford, OH 45056
phone +1.513.523.7621 fax 7501 <mikeh@minivend.com>
Be patient. God isn't finished with me yet. -- unknown
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to
Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
