In a message dated 9/1/99 6:47:06 PM, you wrote:
MP0werd: Leave all the names and passwords in a directory without read
or write priviledges and that should do it.
Adrian: That would be fine by me. Alain, can this be set up?
Alain: Of course it can, but I don't see how this folder setup would
encrypt and/or protect our votes. Please clarify.
MP0werd: In MacOS, all processes are spawned off root (to use posix
terminology), so that even though people cannot access a certain folder, the
cgi can access it. That folder can contain the current tally, the password
list, etc. The only way to compromise this security would be physical access
to the machine or a bug in your webserver (like the PHF exploit). Since the
Macintosh is not a common platform, I do not believe these are concerns that
we should be worried about, the only exploits I've seen for macintosh file
servers are Denial of Service attacks, nothing that would breach the
information.
