httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@ai.mit.edu (Robert S. Thau)
Subject Re: PUT handler spec?
Date Fri, 05 Jul 1996 20:50:37 GMT
  I understand the reasoning.  Just seems like it would be a never-ending
  race between you and the bad guys.

Unfortunately, life is like that sometimes.  Since, in this case, the
alternative (as you correctly deduced) is to run a wide-open system,
and (judging by the CGI-wrapper discussion, which covers a lot of the
same ground) a whole lot of people will be unwilling to do that, the
choice is really:

  1) Support authoring, try as hard as we can to identify and document
     the risks implicit in whatever means we choose, and take the heat
     when we miss one, or...

  2) Don't support it, and leave the field clear for local hacks by
     people who don't understand the risks, or worse, let the
     Microsoft FrontPage server extension, its grossly insecure
     implementation, and its proprietary and undocumented upload
     and site-management protocol rule the day.

Neither of these options is terribly attractive, but given the two, I
tend to prefer the former.  

Still, I'd feel a whole lot more comfortable if we could cajole
someone like (Satan author) Dan Farmer to privately look our risk
assessments over to see if we missed anything before shipping anything
to the general public --- not necessarily to publically vouch for it
(I can understand not wanting to take legal heat for having certified
something), but just to avoid exposing a whole lot of people to
unnecessary risks.  Even that might not be easy though --- if we have
to think a bit about finding the dough for a domain name registration,
we surely can't afford these peoples' consulting rates.

(On the off chance that anyone here does know Dan, not *yet* please;
as a prior message noted, there's already some stuff I'd like to
tighten up ...).

rst


Mime
View raw message