Skip to main content.
home | support | download

Back to List Archive

Re: Security issues

From: Bill Moseley <moseley(at)not-real.hank.org>
Date: Mon Jan 24 2005 - 17:31:56 GMT
On Mon, Jan 24, 2005 at 05:56:38PM +0100, Philippe de Rochambeau wrote:
> Hello,
> 
> Apart from not tainting the swish.cgi variables or forking swish-e, 
> what would you call "insecure usage" on Unix?

General poor usage of CGI script -- allowing user input to go through
the shell, for example.  Not correctly escaping user input.  Bad file
permissions.  Running swish as root or as a user that has too much
access.  Things like that.

Your question was a bit to general to give you any specific answers.


-- 
Bill Moseley
moseley@hank.org

Unsubscribe from or help with the swish-e list: 
   http://swish-e.org/Discussion/

Help with Swish-e:
   http://swish-e.org/current/docs
   swish-e@sunsite.berkeley.edu
Received on Mon Jan 24 09:31:56 2005