Sivakatirswami wrote:
>
> Aloha, Simon:
>
> I hope my notes about alternative uses of MC that "transcend" the dominant
> browsers/HTML page delivery paradigm made sense.
>
> Your security concerns are no doubt similar to many ISP's/Web Hosting
> service administrators. So the issue of distributed Metacard stacks calling
> cgi's from within standalones that exist on CD's or on people hard drives is
> probably of much broader interest than just your new free account offering.
> i.e. (as distinct from calling the MC.cgi from with an HTML page that
> resides on the same server.)
I see this is turning nasty and for no good reason.
Simon's offering of free server space *and* Metacard engine for testing
cgi scripts should be appreciated.
Also, his security concerns should be taken as such, final testing and
fine tuning of scripts on a public server I think is fine but figuring
out what a cgi is and how it works could be dangerous.
Calling a cgi from a stack or a browser should make no difference to the
server, what the cgi script does is a another matter and could become a
security concern.
What I don't understand is why you don't do preliminary
testing/debugging on a local machine, which is much easier and if there
is a security issue you don't compromise a public server, but use a
machine on the other side of the world.
>
> Specifically, it could seriously impact my proposal to our own Web Host in
>
> Honolulu, to install Metacard on their servers.
I think your web host would feel much better about this if he was left
with the impression that you know what you're doing.
>
> Before taking this to the list serve, I would like to do a test, which
> undoubtedly will confirm our suspicions. But we should really be sure with
> an actual test.
>
> So, I am going to call my "say_hello.cgi" which resides at your site in my
> account, from within a Metacard stack on my computer here on the Island of
> Kauai. i.e. this call will NOT be issued from a web page at our domain at
> the web host in Honolulu. This of course will emulate a similar scenario if
> the CGI were being called from a standalone residing on a distributed CD
> that could be running any machine in the world.
>
> So, tell your partner this is happening. I will do this around 5 PM Hawaii
> time which should be about 11 PM in Ottawa. Please don't cancel my account.
> I will only try this once. I would appreciate your operator telling me who
> he sees as the "illegal" referrer in this instance.
>
> I am posting this to the list serve as well in cases there are insights from
> those who have already been down this road.
>
> Hinduism Today
>
> Sivakatirswami
Andu
Archives: http://www.mail-archive.com/[email protected]/
Info: http://www.xworlds.com/metacard/mailinglist.htm
Please send bug reports to <[EMAIL PROTECTED]>, not this list.
