It's currently not possible to replace this page. However, you can replace the error message generated when there is no script at all ("Can't open default script") by placing a default Vortex script called "index" in the default database (usually /usr/local/morph3/texis/testdb). This is run when no script is supplied in the URL.
The default error page reveals the actual path on disk to the web root, right? I believe this has been classified as a security flaw as it grants usually confidential information to someone outside the server. Additionally, in some cases it'll give the OS and processor type.
Can you respond to those who say this is a potentially serious problem? Any plans to fix it?
Customers using vhttpd can use an EntryScript to check for the existence of a script prior to invoking texis, and take an appropriate action if the script does not exist.
A risk is present only if there is some actual vulnerability on that same server. This does not provide access to the server, although it may be used by an attacker to narrow the attack against other vulnerabilities.
Although we consider the vulnerability minor, we have initiated a modification to resolve the issue. Customers who wish to take advantage of the change should contact Thunderstone tech support (link on the left menu).
Some customers may prefer the current functionality, which is not inadvertent or a "bug." Rather, Thunderstone designed its software to include this information for resolving web server path problems, which are common.
