httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@wired.com>
Subject Re: NCSA 1.4 --- core dumps seen with /~user problem
Date Thu, 06 Apr 1995 19:05:56 GMT
On Thu, 6 Apr 1995, Andrew Wilson wrote:
> COMMA used to have ~user URLs when we first set the server up in 93,
> but Robert Evans deemed that any program that gave away real usernames
> to the ouside world was intrinsically a bad thing - too easy for
> crackers to get into poorly passworded accounts etc, etc.

So I guess you guys never use email?  Any system that gave away 
*arbitrary* information about accounts could be considered a negative 
thing - like finger @site for example - but /~user/ URL's aren't indexed 
anywhere, so someone pretty much has to know about it first before being
able to access it (unless the site creates their own menus of /~user/s.)

	Brian "Bogosity Vanquishor" B.

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@hotwired.com  brian@hyperreal.com  http://www.hotwired.com/Staff/brian/


Mime
View raw message