On 8/20/08 11:29 AM, "John Caruso" <[EMAIL PROTECTED]> wrote:
> Whether or not that's so, the fact is that everyone on this list appeared
> to share the same utterly natural assumption that "ns_returnfile X" really
> will return file X

All, I've been on vacation or I would have chimed in earlier, but as John's
client and CTO of the company who found the problem (and is now faced with a
fairly extensive and difficult impact assessment to determine whether the
confidentiality and integrity of our customers' data has been compromised),
I find the suggestion that this is not a bug to be utterly baffling.
Perhaps if the procedure in question was called "ns_returnfromcache", I
could see the arguments against the behavior being considered a bug, but the
name of the procedure is "ns_returnfile", and it takes an argument which is
a filename.  Our objective in using the procedure was not to return a
dynamic file through the cache, it was to return a dynamically generated
file (which was produced by an exec of an OS-level command) from the
filesystem...and the documentation for the procedure certainly did not
suggest that its functionality did not support this usage.

Obviously we'll work around the problem in the future, but it is
disheartening to find a fairly subtle bug, report it with a reproducible
test case, and be challenged so aggressively on the whether it was a poor
decision to use "ns_returnfile" to...um...return a file.

Eric Larkin
Chief Technology Officer
Arena Solutions

4100 E. Third Ave.| Suite 300 | Foster City | CA 94404
tel: 650.513.3502 | fax: 650.513.3511

AOLserver - http://www.aolserver.com/

To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> 
with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: 
field of your email blank.

Reply via email to