[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-ssl
Subject:    Re: [apache-ssl] loading a CGI from another webserver
From:       Adam Laurie <adam () algroup ! co ! uk>
Date:       1998-11-27 15:17:21
[Download RAW message or body]

Roeland M.J. Meyer wrote:
> 
> At 11:36 AM 11/23/98 +0000, Adam Laurie wrote:
> >Roeland M.J. Meyer wrote:
> >>
> 
> >> Not if you use tcp_wrappers and secure your NSF mounts (don't allow mounts
> >> from outside your domain). We NSF mount our CGI and mod_perl files systems
> >> and sumlink them into place.
> >
> >Well, one would think that was a fairly secure model, but...
> >
> >  http://www.defcon.org/TEXT/6/hj-3.txt
> >  http://www.madscience.nu/~blas/ctf.html
> >
> >cheers,
> 
> Yeah right. <sigh>
> Do you know how definitive SAINT is?

Nothing is definitive - all you can do is check with as many and varied
tools as you can lay your hands on...

cheers,
Adam
--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House                  
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

[prev in list] [next in list] [prev in thread] [next in thread]