[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Web site, SSI, SSH, and Windows SCP

> On Tue, 30 Nov 1999, R.G. Mayhue wrote:
> > have said is that it gave _me_ an idea to move the files. I just thought
> > that if something similar could be developed and not compromise the
> > safety of the site, 
> The problem is that the web server is relatively non-paranoid, ie when you
> allow dynamic content, you are trusting your users not to do anything
> really dumb. So allowing uploads is very dangerous. Of course, we could
> try "scanning" the uploads with a script, but it still may be possible to
> slip some "bad content" past the script.
> > it would be easier then Roger creating accounts
> Nope. Creating accounts is preferable to installing a back door.
> > Check out this use of m4 http://www.bit.net.au/~bhepple/using_m4/using_m4.html
> OK, I'll check it out.
> > BTW I downloaded the Indy web site and installed it. Is the tar ball
> > updated regularly?
> Updated nightly. If there's a lot of people downloading it, I'll make
> it more frequent. 
> Try downloading it tomorrow.
> Cheers,
> -- 
> Donovan

Perhaps better would be to have not a single web server but a set of
servers.  After all if the owner of the server hacks his own server
there is not much harm.  And having several owners checking can
distribute the work load.

			Jean Francois Martinez

Project Independence: Linux for the Masses