So, one of the reasons that I started down the Squeak road is that
our Computing and Network Services people wanted me to move all my
collaborative software research *OFF* of UNIX and *ONTO* Macs. A
UNIX CGI script is a fairly insecure thing -- many of them have been
hacked in lots of different ways. Macintosh Web servers are
amazingly secure -- one of the benefits of not having a command line
:-). (Someone who's pretty reliable told me recently that the US
Army has moved all of their external Webservers onto Macs running
Webstar after the embarrassing hack-attacks that occurred last year.)

Squeak maintains that security in the sense that (if you don't
include AppleScript and don't compile in OSProcessGoodies) you can't
possibly execute anything on the server other than Squeak. You can't
spawn a sniffer, you can't su as root, etc.

Squeak on a Mac feels pretty darn secure. Squeak on other boxes
still seems more secure than generic CGI scripts.

The kinds of risks that Bijan lists (denial of service attacks,
uploading bad things, trashing a Swiki) are inherent to Wiki-like
systems -- doesn't matter what they're written in.

Mark
--------------------------
Mark Guzdial : Georgia Tech : College of Computing : Atlanta, GA 30332-0280
Associate Professor - Learning Sciences & Technologies.
Collaborative Software Lab - http://coweb.cc.gatech.edu/csl/
(404) 894-5618 : Fax (404) 894-0673 : [EMAIL PROTECTED]
http://www.cc.gatech.edu/gvu/people/Faculty/Mark.Guzdial.html