|
| I see this is turning nasty and for no good reason.
| Simon's offering of free server space *and* Metacard engine for testing
| cgi scripts should be appreciated.
| Also, his security concerns should be taken as such, final testing and
| fine tuning of scripts on a public server I think is fine but figuring
| out what a cgi is and how it works could be dangerous.
| Calling a cgi from a stack or a browser should make no difference to the
| server, what the cgi script does is a another matter and could become a
| security concern.
| What I don't understand is why you don't do preliminary
| testing/debugging on a local machine, which is much easier and if there
| is a security issue you don't compromise a public server, but use a
| machine on the other side of the world.
|
Aloha Andu,
Please pardon my jumping in but perhaps you have mistook the intent
- Swami is a very noble person and would *never* get involved in any
nastiness. Trust me. I think we can do best on a list like this by
offering everyone respect. Unfortunately, email is dangerous in this
regard, ie, it's easy to read something into it was not intended.
I'm sure you have seen it many times.
His intentions are good. I believe he just wants to make sure that he can
assure his ISP there is no security risk in installing MC. This same
ISP already permits customers to install their own cgi programs .
Obviously, these programs can ignore the referrer and do whatever the
customer wants - within, of course, the O/S and file system constraints.
So we should be able to tell them that installing MC is no more dangerous
than them installing a Perl interpreter, or Borne shell. (Which they have).
Right?
Thanks for your help,
Sadhu
Archives: http://www.mail-archive.com/[email protected]/
Info: http://www.xworlds.com/metacard/mailinglist.htm
Please send bug reports to <[EMAIL PROTECTED]>, not this list.
