Sadhunathan Nadesan wrote:
>
> |
> | I see this is turning nasty and for no good reason.
> | Simon's offering of free server space *and* Metacard engine for testing
> | cgi scripts should be appreciated.
> | Also, his security concerns should be taken as such, final testing and
> | fine tuning of scripts on a public server I think is fine but figuring
> | out what a cgi is and how it works could be dangerous.
> | Calling a cgi from a stack or a browser should make no difference to the
> | server, what the cgi script does is a another matter and could become a
> | security concern.
> | What I don't understand is why you don't do preliminary
> | testing/debugging on a local machine, which is much easier and if there
> | is a security issue you don't compromise a public server, but use a
> | machine on the other side of the world.
> |
>
> Aloha Andu,
>
> Please pardon my jumping in but perhaps you have mistook the intent
> - Swami is a very noble person and would *never* get involved in any
> nastiness. Trust me. I think we can do best on a list like this by
> offering everyone respect. Unfortunately, email is dangerous in this
> regard, ie, it's easy to read something into it was not intended.
> I'm sure you have seen it many times.
>
> His intentions are good. I believe he just wants to make sure that he can
> assure his ISP there is no security risk in installing MC. This same
> ISP already permits customers to install their own cgi programs .
> Obviously, these programs can ignore the referrer and do whatever the
> customer wants - within, of course, the O/S and file system constraints.
Right, the difference is that ISPs charge for band width, they don't
ignore it.
> So we should be able to tell them that installing MC is no more dangerous
> than them installing a Perl interpreter, or Borne shell. (Which they have).
No, no, no, Swami has good intentions, I'm sure, the conversation was
turning kind of confrontational and not for real differences but
misunderstanding, which is exactly your point about emails.
As for ISPs what they need to know about MetaCard is that it is just
another interpreter, a better one.
What scripts can do is another matter and that was another point I
wanted to make.
>
> Right?
Right.
>
> Thanks for your help,
> Sadhu
Andu
Archives: http://www.mail-archive.com/[email protected]/
Info: http://www.xworlds.com/metacard/mailinglist.htm
Please send bug reports to <[EMAIL PROTECTED]>, not this list.
