Re: CGI script to build Swish-E (without command

From: SRE <eckert(at)>
Date: Tue Oct 08 2002 - 16:33:37 GMT
At 07:49 PM 10/6/02, Bill Moseley wrote:
> >You would not want to do chmod 777 on a shared server.

On Mon, 2002-10-07 00:18:42, SRE wrote:
> Not for long, anyway.

At 01:59 AM 10/8/02, Kurtis D. Rader wrote:
>Not for one second.

Really? You think the script kiddies are banging on random
directory names and will just happen to stumble across yours
the instant you open the protections? What makes you think that?

>While I applaud your inventiveness at dealing with the limitations of
>your environment it is a solution that should not be used by anyone.

Interesting point of view. On a web server where NO ONE has
shell access, NO ONE can view files not in their tree with FTP,
and there are NO LINKS to a temporary directory, what makes you
think it's a horrible security breach to spend 5 or 10 minutes
with open protection before deleting the directory entirely?
Can you suggest how an exploit might start if no one knows the
directory name? Security through obscurity works if obscurity
can be guaranteed.

Hey, I'm as paranoid as the next guy. I lock my car when I go
into a store, but I don't lock the front door every time I walk 
around to the trunk.

The bad guys would have to find AND exploit the open directory
within a matter of a few minutes. That ain't gonna happen.
I'm not even sure how they COULD find it, since there are no
links to it and the server won't give you a list of directories
(.htaccess is a wonderful thing).

Life is a tradeoff. I'm going to worry about credible threats.
You can worry about wisps of smoke. I don't want to flame anyone,
but absolute statements that something relatively safe should
never be used by anyone require a tempered response.


mailto:eckert(at) |
Info on peak climbing email lists

"The reasonable man adapts himself to the world:
the unreasonable man persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man."
  -- George Bernard Shaw

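Added example, not part of the original thread or of the Swish-E project: the script below sets up the scratch directory the posts argue about in both forms (the chmod 777 version and an owner-only version), and then runs the check that any other process on the same host can run to locate world-writable directories. It asks the kernel via find, so neither the absence of links nor an .htaccess that disables directory indexes affects it; .htaccess only governs what Apache serves. All directory names are constructed, and the note about a setgid group directory assumes the CGI and the FTP account run as different uids.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes POSIX sh with
# mkdir -m, find -perm and mktemp -d. Directory names are constructed.

# What the poster proposes: a scratch directory opened up with chmod 777
# for a few minutes so a CGI running as the web-server user can write to it.
make_open_dir() {
    # $1 = parent directory, $2 = name chosen by the account owner
    mkdir -p "$1/$2" && chmod 777 "$1/$2"
}

# The alternative: create the directory already restricted to its owner,
# so there is no window at all. (Assumption: if the CGI runs as a different
# uid than the FTP account, a setgid group directory, chmod 2770, is the
# usual fix rather than 777.)
make_private_dir() {
    mkdir -m 0700 -p "$1/$2"
}

# How another process on the same box finds a world-writable directory with
# no link pointing at it and no directory index from the web server: a
# filesystem walk asks the kernel, not Apache, so .htaccess does not apply.
# -perm -0002 selects entries whose "other write" bit is set.
find_world_writable() {
    find "$1" -type d -perm -0002 2>/dev/null | sort
}

# Stand-alone demonstration in a throwaway sandbox: only the 777 directory
# shows up in the listing, the 0700 one does not.
demo() {
    root=$(mktemp -d) || return 1
    make_open_dir "$root" "build-tmp"
    make_private_dir "$root" "build-private"
    find_world_writable "$root"
    rm -rf "$root"
}

demo
```

Run it on the shared host itself to see what the other accounts' CGI scripts can see; the interesting argument is the parent directory the build script writes under, not the web root.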