[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Web site, SSI, SSH, and Windows SCP
>
> On Tue, 30 Nov 1999, R.G. Mayhue wrote:
>
> > have said is that it gave _me_ an idea to move the files. I just thought
> > that if something similar could be developed and not compromise the
> > safety of the site,
>
> The problem is that the web server is relatively non-paranoid, ie when you
> allow dynamic content, you are trusting your users not to do anything
> really dumb. So allowing uploads is very dangerous. Of course, we could
> try "scanning" the uploads with a script, but it still may be possible to
> slip some "bad content" past the script.
>
> > it would be easier then Roger creating accounts
>
> Nope. Creating accounts is preferable to installing a back door.
>
> > Check out this use of m4 http://www.bit.net.au/~bhepple/using_m4/using_m4.html
>
> OK, I'll check it out.
>
> > BTW I downloaded the Indy web site and installed it. Is the tar ball
> > updated regularly?
>
> Updated nightly. If there's a lot of people downloading it, I'll make
> it more frequent.
>
> Try downloading it tomorrow.
>
> Cheers,
> --
> Donovan
>
Perhaps better would be to have not a single web server but a set of
servers. After all if the owner of the server hacks his own server
there is not much harm. And having several owners checking can
distribute the work load.
--
Jean Francois Martinez
Project Independence: Linux for the Masses
http://www.independence.seul.org
- Prev by Date:
Re: Web site, SSI, SSH, and Windows SCP
- Next by Date:
Re: Web site, SSI, SSH, and Windows SCP
- Prev by thread:
Re: Web site, SSI, SSH, and Windows SCP
- Next by thread:
Re: Web site, SSI, SSH, and Windows SCP
- Index(es):