www-mirrors mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dalibor Cerar <dali...@kabi.si>
Subject Re: some updates
Date Fri, 13 Jun 1997 11:41:37 GMT
Hello everyone,

> > 1) We will now be running CGI scripts on mirror sites.  Previously all CGI
> > scripts, such as the search field and bug database, had an explicit link
> > back to www.apache.org.  These CGI scripts only rely upon perl 4 (or 5)
> > being at "/usr/local/bin/perl".  Is this a problem?
> i think it is, since bofh's like me like to produce the security loopholes
> on their own =) no, serously, i wont allow cgi stuff on my system when
> mirroring via ftp from another site. the impact of having a hacked script
> transferred to www.apache.org infesting all of the mirrors make
> www.apache.org a primary target for those wannabe-crackers out there, so i
> would propose to have a http://cgi.apache.org with bugdb and every other
> cgi stuff on it.

I agree with above. Having executables is risky, having them mirrored from
somewhere else even more. It would be much better to have one (or more via
DNS rotating) central cgi server, addressed via absolute URL.

Have a nice weekend everyone,
# Dalibor Cerar -# dalibor@kabi.si #- WWW: http://www.kabi.si/dalibor/
# Mail: Kabi d.o.o., Pri mostiscarjih 13, SI-1000 Ljubljana, Slovenija
# Phone/fax: +386-61-127-28-32 # PGP public key available upon request

View raw message