[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-developers] Re: CGI Wrap Errors

Subject: [cobalt-developers] Re: CGI Wrap Errors
From: "sara starre" <perl_rocks@xxxxxxxxxxx>
Date: Fri May 26 08:54:58 2000

Bubbles are better than wrappers. Each virtually hosted domain has its ownbubble in which visitors to the site are restricted to changing only filesfrom THAT DOMAIN's root and below. It's safer than wrapping, and doesn'thave the undesirable side-effects like the endless stream of useless (andincorrect) Apache log errors.

This entire thread is silly. I just purchased a Raq3i and created a few
users to test your "security" issues. I find that even as a web site admin,
I can't access users directories, or any sensitive system areas. The only
thing I can access are the public web directories, which (DUH) are PUBLIC,
and accessible by anyone, anywhere on the net.

For those of you who don't care for the cgi-wrap, you have obviously never
run an ISP unix public web server where your constant fear is a user

executing a script that issues a command like "rm -r" on the rootdirectory.

Now, if you are the only developer for your raq, I can understand disabling
cgi-wrap (although I would still advise against it, as even a seasoned user

can bring down a system with bad code). But if you plan to use the devicein

a public setting, turning cgi-wrap off is equivalent to giving all your
users the root password.

Why not put a cobalt raq on a public network? Mine seems perfectly secure,
as secure as any other linux/unix based system out there.

Kevin

----- Original Message -----
From: <corliss@xxxxxxxxxxxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Sent: Thursday, May 25, 2000 12:52 PM
Subject: Re: [cobalt-developers] Re: CGI Wrap Errors


> On Thu, 25 May 2000, Will DeHaan wrote:
>
> > RaQs have tiered administrative access based on common groups, "Site
> > administrators" we call them.  Many ISPs really like this style of
> > access that can't exist with your <G>-so-simple permissions plan.  I
> > understand that you don't care about this functionality.
>
> Perhaps they do or don't like them, the point remains that very little
attempt
> was made to try to tighten things down.  Even with your user model,
there's
> better ways to handle it if you just try, which it's obvious you didn't.

> These are all reasons why you couldn't pay me to put a Cobalt on apublic

> network.  They're great for workgroup use in intranets, but I wouldn't
trust
> them any farther than that.
>
> > This thread is useless unless we're pursuing better permissions on
> > Cobalt boxes with the intention of preserving what it is that Cobalt
> > boxes do.
>

> Agreed, and that is exactly what started this whole thread--trying tofind> more secure configurations. I've made my suggestions, if they don'twork

the
> way you want, fine, ignore them.
>
> --Arthur Corliss
>   Programmer/Administrator
>   Gallant Technologies (http://www.gallanttech.com/)
>
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers


_______________________________________________
cobalt-developers mailing list
cobalt-developers@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-developers


________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

Prev by Date: Re: [cobalt-developers] Re: CGI Wrap Errors
Next by Date: [cobalt-developers] Spread of Directory share on multiple servers
Previous by thread: RE: [cobalt-developers] Re: CGI Wrap Errors
Next by thread: [cobalt-developers] Any ideas on cgi scripts not working on mirrored server?

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index