
Re: [cobalt-users] 250 site limit URGENT HELP REQUIRED



Jeremy Anthony Kinsey <webmaster@xxxxxxx> writes:

> >For your information, the RaQs also use an Apache running as root, to
> >do their GUI (Perl).

> I realize that, however PHP just seems a bit more dangerous.

Why do you think so?

CGIs can be written in any method you like. I suspect that making
security faults would be harder in PHP than if you wrote it in
assembler...

> >> The other thing that bothers me is they appear to use Big Brother for 
> >> monitoring?  Again, very dangerous App...

> >Why do you think BB is especially dangerous?

> There are some remotely exploitable holes in the cgis that are fixed in 
> more recent versions. I know it was like 6 months ago when one hole was 
> found, and I believe another was found and fixed about a week ago. We 
> just dropped it completely for NetSaint.

Well, software errors are found in any program. The hole found 6
months ago has of course long been fixed.

Did you know that at least two remotely exploitable overflow bugs were
found in the NetSaint CGIs?

But BTW, I like NetSaint too. It does have some drawbacks,
though. Especially that it's still version 0.0.5 (0.0.6 is still
beta). It also lacks SNMP, better reports (more human readable status
information as we have in BB).


-- 
Jens Kristian Søgaard, Mermaid Consulting I/S,
jens@xxxxxxxxxxxxxxxxxxxx,
http://www.mermaidconsulting.com/