| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: NT4 security updates |
From: "Geo."
Unless you plan to restructure all the website security you have little
choice under what account you are going to have perl running.
Geo.
"Mike N." wrote in message
news:95gkqvc1r9gu287ov4p0tcgnkg0nrhpon6{at}4ax.com...
> You should never run scripting languages in the IUSER context because they
have access to
> all other sites.
>
> However, even if you run them under a separate user, they can still
write a ping
> flooder.
>
> On Thu, 6 Nov 2003 06:08:01 -0500, "Geo."
wrote:
>
> >Lets say I setup a website for you on the server, what user context does
a
> >perl script from your website run in? IUSER right? With that permission
> >level you now have access to every other website on the server, so you
can
> >get into areas you have no business getting into
>
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)SEEN-BY: 633/267 270 @PATH: 379/45 1 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.