httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From TOKI...@aol.com
Subject Re: WIN32 CGI - SECURITY THREAT - 4 OF 4
Date Tue, 26 Jan 1999 02:38:33 GMT
In a message dated 99-01-26 00:14:33 EST, you write:

> Sheesh.  If the interpreter being run to execute the CGI can do it,
>  then the CGI can do it.  If it can bypass the OS's file permissions,
>  then the OS doesn't have file permissions.
>  
>  If you want to argue with me, you can't just go on and on about how
>  Win32 is different and how command.com is scary, but you have to give
>  a specific technical example of why the interpreter name can magically
>  do something that the code itself can't.

I will.

Give me a day or so and I will show you what I thought
would be obvious from the posting. A picture is worth a thousand
words.

The security thing was really an after-thought since it really doesn't
affect me or my company that much. We are INTRA-NET ONLY.
All users are trusted ( and a good thing! ).

Any comments on the OTHER 3 postings RE: WIN32 CGI?


Mime
View raw message