oops...

On Wed, 14 Mar 2001, Dave Cross wrote:
> At Wed, 14 Mar 2001 13:05:05 +0000, David Cantrell <[EMAIL PROTECTED]> wrote:
> > On Wed, Mar 14, 2001 at 11:50:04AM +0000, Jon Eyre wrote:
> > > In my experience, virtually *all* isps/hosting providers use the
> > > 'separate cgi-bin directory' configuration. either for the 
> > > security reasons outlined by evil dave ...

> > Evil Dave's server does *not* use separate cgi-bin directories - but 
> > then, there's no ftp file upload, and the ftp root is in a different 
> > place from the web root anyway, and HTTP file upload is also not 
> > permitted.

Evil Dave's server is therefore a different beast from a hosting company's 
server, which isn't really much use if their customers can't get anything
onto it.
 
> And besides, it wasn't Evil Dave that pointed out the security issues.

oops... apologies, confused by a surfeit of Daves...

Returning to subject, what would be really useful for me, and probably 
many other aspirant mongers, is to see Matt's scripts subjected to 
a similar sort of process to that in the perl.com
'program-repair-red-flags' articles. It's all very well to say 'these 
scripts are bad and insecure, here are some well-written and secure
versions', but a lot more can be learnt from showing *why* they're 
bad, even if it's just done by marking the originals up with
constructively critical comments...

just my .02

j

---
jon eyre ([EMAIL PROTECTED]) (http://simpson.dyndns.org/~jon/)
the slack which can be described is not the true slack
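The "separate cgi-bin directory" configuration the thread refers to, written out as an added Apache httpd example. It is not taken from the message, from Evil Dave's server or from any hosting company's setup; the paths, the ServerName values and the assumption that customers reach /home/example/htdocs by FTP are all made up for illustration, and the access-control lines use the Apache 1.3/2.2 Order/Allow syntax of the period. The point is that the directory customers can write to must never have ExecCGI, while scripts run only from a ScriptAlias'd directory that sits outside the FTP root.

```apache
# Added illustration (not from the thread). Paths and ServerName values are assumptions.

# Weak: the upload area doubles as the script area. Anyone who can FTP a
# file into /home/example/htdocs can have the web server execute it.
# Kept as comments so the block can be dropped in without enabling it.
#
# <VirtualHost *:80>
#     ServerName weak.example.org
#     DocumentRoot /home/example/htdocs
#     AddHandler cgi-script .cgi .pl
#     <Directory /home/example/htdocs>
#         Options +ExecCGI
#     </Directory>
# </VirtualHost>

# Hardened: CGI execution is confined to one ScriptAlias'd directory that is
# outside the FTP root; the customer's upload area is served as static files.
<VirtualHost *:80>
    ServerName hardened.example.org
    DocumentRoot /home/example/htdocs

    # Every URL under /cgi-bin/ maps here and is run as CGI. ScriptAlias
    # marks the directory as scripts, so no ExecCGI option is needed.
    ScriptAlias /cgi-bin/ /var/www/example/cgi-bin/
    <Directory /var/www/example/cgi-bin>
        Options None
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # Static content only: no CGI, no server-side includes, and no .htaccess
    # that could switch them back on from inside the writable tree.
    <Directory /home/example/htdocs>
        Options -ExecCGI -Includes
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
```

The two settings that matter in the hardened block are Options -ExecCGI on the writable tree and AllowOverride None alongside it: with AllowOverride Options (or All) a customer could upload a .htaccess containing "Options +ExecCGI" and undo the separation. Files placed in /var/www/example/cgi-bin still need to be reviewed before they go live, since that directory is precisely where the server will execute whatever it finds.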

