has either been audited over for buffer overflows and the like?

thanks,

Ron DuFresne

On Sat, 6 Nov 1999, David Harris wrote:

> 
> Behalf Of R. DuFresne wrote:
> > Of course, if you are going to do this you have put the server up on a
> > sacrificial box on a dmz, as the frontpage extensions are a nasty piece of
> > work, yes?
> 
> Don't bother with the MS mod_frontpage because it's (a) not really secure and
> (b) is a gross hack that patches a core data structure and the cgi modules in
> addition to adding a new module.
> 
> If you scrap Microsoft's stupid little setuid hack and write your own mechanism
> to run the frontpage cgi executables as the user who owns the web files, then
> things can be done securely. I've written my own mod_frontpage and mechanism,
> and some other guy out there has written his own too:
> 
> ftp://ftp.vr.net/pub/apache/mod_frontpage/
> 
> I've not used his module, but I've looked at it and it seems just dandy.
> 
>  - David Harris
>    Principal Engineer, DRH Internet Services
> 
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
