TIP: Click on subject to list as thread! ANSI
echo: nthelp
to: Geo.
from: Randall Parker
date: 2003-11-08 15:45:02
subject: Re: NT4 security updates

From: Randall Parker 

Why wouldn't the perl script run under your own context?

If the script files are in some shared directory and everyone has
read/execute access to the directory the scripts can run in their own
context.

Geo. wrote:

> Lets say I setup a website for you on the server, what user context does a
> perl script from your website run in? IUSER right? With that permission
> level you now have access to every other website on the server, so you can
> get into areas you have no business getting into (like the adult website
> hosted next to you). You also have the capability to use server bandwidth
> and cpu for something other than serving web pages. For example you could
> easily write a ping flooder or a web spider using perl and then you've got a
> DS3 worth of bandwidth to play with.
>
> Geo.
>
>

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 633/267

SOURCE: echomail via fidonet.ozzmosis.com

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.