WebSpeed Workshop in Development Mode

[Cecil]

By a keyboard fluke I googled for "WebSpeed error for messenger process " and lots of web sites came up with the same results all displaying the progress error message.

This was a neat way of find out which web sites use webspeed.

Then out of sheer curiosity I added workshop to the end of the URL.
BINGO I was in there WebSpeed Workshop.

Now I don't classify my self as a hacker but this was too easy.

Also to find out the Webspeed agents are also running as the root user, I could do some serious damage to there server i.e. rm -fr /*.* or rm /etc/shadow.

So how can I notify the web site administrator anonymously the there WebSpeed setup is running in Development mode.

Plus what would you do?

 

[parul]

I was once told by Alan wilkinson that he went throught the same exercise. He mailed the website admins. some of them responded well some did not.

You are doing them a big favour. I don't think you have to be anonymus about it.

If something goes wrong progress as a community gets a bad name.

According to me it's worth mailing them about the security risk they are running.

-Parul.

 

[shyl]

Something in my mind tells me that Webspeed has an option to disable the workshop. If not, there are also some way to close -- at least hide -- this backdoor.
However, the reality is that this is a missing point for most of the live users of Webspeed. Rather than write to the website adminstrators, I wonder another approach is let PROGRESS disable this option by default. Those who needs it can open it by him/herself. People might be more cautious for the thing he/she opened by his/her own.

 

[FrancoisL]

It not a hard to find option.

When configuring your broker you either set it to work in Production or Development mode. It in the basic options of the broker.

It crazy not to set it to Production, if you don't know about the option , you should not be deploying a Webspeed server.

 

[shyl]

It not a hard to find option.

When configuring your broker you either set it to work in Production or Development mode. It in the basic options of the broker.

It crazy not to set it to Production, if you don't know about the option , you should not be deploying a Webspeed server.

Reality is, people seldom know what is what for Progress, considering it is lack of document and online community. Not even mention that the guy to do is from the end user's IT department.