[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Web site, SSI, SSH, and Windows SCP

On Tue, 30 Nov 1999, R.G. Mayhue wrote:

> have said is that it gave _me_ an idea to move the files. I just thought
> that if something similar could be developed and not compromise the
> safety of the site, 

The problem is that the web server is relatively non-paranoid, ie when you
allow dynamic content, you are trusting your users not to do anything
really dumb. So allowing uploads is very dangerous. Of course, we could
try "scanning" the uploads with a script, but it still may be possible to
slip some "bad content" past the script.

> it would be easier then Roger creating accounts

Nope. Creating accounts is preferable to installing a back door.

> Check out this use of m4 http://www.bit.net.au/~bhepple/using_m4/using_m4.html

OK, I'll check it out.

> BTW I downloaded the Indy web site and installed it. Is the tar ball
> updated regularly?

Updated nightly. If there's a lot of people downloading it, I'll make
it more frequent. 

Try downloading it tomorrow.