[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Web site, SSI, SSH, and Windows SCP



> 
> On Tue, 30 Nov 1999, R.G. Mayhue wrote:
> 
> > have said is that it gave _me_ an idea to move the files. I just thought
> > that if something similar could be developed and not compromise the
> > safety of the site, 
> 
> The problem is that the web server is relatively non-paranoid, ie when you
> allow dynamic content, you are trusting your users not to do anything
> really dumb. So allowing uploads is very dangerous. Of course, we could
> try "scanning" the uploads with a script, but it still may be possible to
> slip some "bad content" past the script.
> 
> > it would be easier then Roger creating accounts
> 
> Nope. Creating accounts is preferable to installing a back door.
> 
> > Check out this use of m4 http://www.bit.net.au/~bhepple/using_m4/using_m4.html
> 
> OK, I'll check it out.
> 
> > BTW I downloaded the Indy web site and installed it. Is the tar ball
> > updated regularly?
> 
> Updated nightly. If there's a lot of people downloading it, I'll make
> it more frequent. 
> 
> Try downloading it tomorrow.
> 
> Cheers,
> -- 
> Donovan
> 


Perhaps better would be to have not a single web server but a set of
servers.  After all if the owner of the server hacks his own server
there is not much harm.  And having several owners checking can
distribute the work load.

-- 
			Jean Francois Martinez

Project Independence: Linux for the Masses
http://www.independence.seul.org