[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-developers] Re: CGI Wrap Errors

Subject: RE: [cobalt-developers] Re: CGI Wrap Errors
From: "John Parris" <jparris@xxxxxxxxxxxxxx>
Date: Tue May 23 21:10:01 2000

other web directory located in /home/sites/.

Ok, so how is this a joke?  How else do you serve web data with an
unpriveleged web server?  Public web data is public to shell users too.

I think I'm grossly missing your point here..


	The whole way the thing is configured is a problem. The joke is if someone
needs telnet access, which many people want and/or need, they can see almost
any file on the system. Which means, if a customer is running anything that
stores user names and passwords in clear text (even though that isn't smart,
it does happen), it is viewable by anyone. This is just a simple example,
and for obvious reasons this is a serious problem. Don't try to justify it
with any means. There are ways around this. Just implementing them with the
RAQ and the GUI are fairly annoying.

> Now, I know for a fact I've already had one user nosing around in other
web
> site directories.

On the web or in a shell?  What does it matter?  If a user wants to keep
sensitive data web accessible, they shouldn't store that data in a web
accessible location!  CGI-wrap will enable them to store such things in
more restrictive locations such as a subdirectory from the site or user
home directory.

References:
- Re: [cobalt-developers] Re: CGI Wrap Errors
  - From: Will DeHaan

Prev by Date: Re: [cobalt-developers] Re: Changing Perl
Next by Date: Re: [cobalt-developers] Re: Changing Perl
Previous by thread: Re: [cobalt-developers] Re: CGI Wrap Errors
Next by thread: Re: [cobalt-developers] Re: CGI Wrap Errors

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index