On Sat, Mar 16, 2002 at 05:56:33PM +0200, Shlomi Fish wrote: > On Sat, 16 Mar 2002, mulix wrote: > > > On Sat, Mar 16, 2002 at 04:38:41PM +0200, Shlomi Fish wrote: > > > On Sat, 16 Mar 2002, mulix wrote: > > > > > > > i created /iglu/html/irc, owned by mulix.mulix and accesible through > > > > http://www.iglu.org.il/irc/. i upload the files manually right now, > > > > until we implement a scheme to allow the maintainer (app) to upload > > > > files on his own - or just give him an account and be done with it. > > > > > > A way to manage the files should not be hard to implement with a CGI > > > script. (just make sure it makes enough sanity checks) If you write > > > a > > > > cgi scripts are inherently insecure. i do not intend to go that way. > > That's a base-less generalization that is not good for anything. CGI > scripts can be made very secure by using careful coding.
show me how a script that fulfills the function required can be made secure, please... then go to bugtraq and make a small search for cgi exploits. most cgi's aren't written using 'careful coding'. but, if it makes you feel better, you can add 'non trivial' to my statement above. > Well, Sagi proposed something that can be done with proftpd. Let's look > into it first, and only then implement it as a CGI script. Are you OK with > that? not entirely - i dont want a cgi script, and we already have an ftp server installed - i dont want to maintain two of them. i'll look into running another copy of whatever we have running in a chroot'd environment later tonight. -- The ill-formed Orange Fails to satisfy the eye: http://vipe.technion.ac.il/~mulix/ Segmentation fault. http://syscalltrack.sf.net/ ---------------------------------------------------------------------------- To unsubscribe, send a message to [EMAIL PROTECTED] Archives available at http://www.mail-archive.com/[email protected]/
