Skip to main content.
home | support | download

Back to List Archive

Re: SWISH-E status on windows

From: David L Norris <dave(at)not-real.webaugur.com>
Date: Wed Mar 13 2002 - 17:53:40 GMT
On Wed, 2002-03-13 at 12:42, Bill Moseley wrote:
> The swish.cgi script in the 2.1-dev dist runs on Windows last time I
> checked.  It does not require any extra modules loaded from CPAN.

That's what I thought.

> I'm obligated to say that it may not be secure to run on Windows, since the
> query is passed through the shell.  I don't know what that means on
> Windows, but it seems risky.  And from the amount of CERT notices I see I'm
> not sure how safe it is running IIS.

Excellent point.  I'm not sure anything is safe with IIS running in
kernel space...  Particularly anything that uses the shell.

So, I guess that would be "yes it works on Windows" and "running it on
IIS may allow someone to take over the world"

-- 
 David Norris
  Dave's Web - http://www.webaugur.com/dave/
  Augury Net - http://augur.homeip.net/
  ICQ Universal Internet Number - 412039
  E-Mail - dave@webaugur.com

  "If you stare into an abyss long enough
   it begins to stare back into you."  --Nietzsche
Received on Wed Mar 13 17:53:45 2002