D-Link Forums

The Graveyard - Products No Longer Supported => D-Link Storage => DNS-321 => Topic started by: dalbert on October 05, 2008, 05:26:19 AM

Title: http file access
Post by: dalbert on October 05, 2008, 05:26:19 AM
Is there a way to access shared volume(s) via http?

Is there a way to suppress http access to important files
that might pose a security risk: e.g. stuff in /etc like:
    /etc/passwd
    /etc/shadow
    /etc/ez-ipupdate.conf
    /etc/fstab
    /etc/mtab
    /etc/inittab
    /etc/hosts
    /etc/protocols
    /etc/services
Title: Re: http file access
Post by: fordem on October 05, 2008, 10:38:06 AM
I could be wrong on this ....

a) I believe if you downgrade to 1.04 those files will no longer be accessible
b) I believe http file access will be available in a future firmware release - there is an undocumented web page - http://<ip-address-of-DNS>/web/wfs_login.asp.

The way I heard it, preliminary code for the http file access was left in the 1.05 release leading to the insecurities that have upset many persons.
Title: Re: http file access
Post by: D-Link Multimedia on October 06, 2008, 09:33:47 AM
Yes, a preliminary HTTP file server was left in 1.05; however, this was only on the DNS-323 and did not affect the DNS-321.

We are still looking into it.
Title: Re: http file access
Post by: fordem on October 06, 2008, 12:16:35 PM
Quote from: D-Link Multimedia on October 06, 2008, 09:33:47 AM
Yes, a preliminary HTTP file server was left in 1.05; however, this was only on the DNS-323 and did not affect the DNS-321.

We are still looking into it.

Oops - forgot which forum I was in .... :-[