Re: SECURITY LEAK in ncsa httpd - PLEASE READ THE DOCUMENTATION

ajcole@cbl.leeds.ac.uk
Errors-To: secret@www0.cern.ch
Date: Tue, 8 Feb 1994 20:56:22 --100
Message-id: <218.9402081953@cblsica.cbl.leeds.ac.uk>
Reply-To: www-talk@www0.cern.ch
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: ajcole@cbl.leeds.ac.uk
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: SECURITY LEAK in ncsa httpd - PLEASE READ THE DOCUMENTATION
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 621

Marc,

>An erroneous assumption does not a SECURITY LEAK make, when the docs
>clearly state the facts.

Strictly that's not true: if it's easy to leave a loophole through not
reading the docs (in detail), that mistake is going to be made by many
people.  Some 'damage' is bound to have been done just because
it's all too easy to set up like this and cause a security leak (potential
or actual).  I wouldn't be surprised if some managements immediately
pulled some plugs.  Equally I wouldn't be surprised if on some sites
people are exploiting this hole and keeping quiet.

Don't get me wrong, you know whose side I am on....

Andrew