Stephen Turner
Mon, 25 Oct 1999 14:26:30 -0700
On Mon, 25 Oct 1999, Aengus Lawlor wrote: > It's precisely because the CGI command makes Analog "simple to use, > simple to set up" that I'd prefer to keep it, if there was a simple way > to resolve the security issues. But I can see that that would involve > making Analog just a little bit more complicated internally, so sticking > with the seperate CGI interface may be the best option. > The point is also that it introduces a new set of security issues. OK, so I can resolve the current ones. But maybe there are more that I haven't thought of. These aren't the first, after all. Encouraging people to keep extra executables in their cgi space could be asking for trouble. I would prefer, if it doesn't impede functionality too much, to keep all the security issues in one place (anlgform) where I can get them all in my head at once, think very carefully about them, and document my solutions. (And you can't make the form interface work at all until you've read at least some of the documentation, so there is a much better chance that people will read it there!) -- Stephen Turner [EMAIL PROTECTED] http://www.statslab.cam.ac.uk/~sret1/ Statistical Laboratory, 16 Mill Lane, Cambridge CB2 1SB, England "Due to the conflict in Kosovo, we will not be showing the movie Wag the Dog. Instead, we will show Mortal Kombat: Annihilation." Cable & Wireless ------------------------------------------------------------------------ This is the analog-help mailing list. To unsubscribe from this mailing list, send mail to [EMAIL PROTECTED] with "unsubscribe analog-help" in the main BODY OF THE MESSAGE. List archived at http://www.mail-archive.com/analog-help@lists.isite.net/ ------------------------------------------------------------------------