Re: SECURITY LEAK in ncsa httpd - PLEASE READ THE DOCUMENTATION

ajcole@cbl.leeds.ac.uk

Mail folder: WWW Talk Jan 94-present
Next message: Roy T. Fielding: "Re: Will this be true tomorrow? "
Previous message: Miroslaw Budzanowski: "ilp"
In-reply-to: Marc Andreessen: "Re: SECURITY LEAK in ncsa httpd - PLEASE READ THE DOCUMENTATION"

Errors-To: secret@www0.cern.ch
Date: Tue, 8 Feb 1994 20:56:22 --100
Message-id: <218.9402081953@cblsica.cbl.leeds.ac.uk>
Errors-To: secret@www0.cern.ch
Reply-To: www-talk@www0.cern.ch
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: ajcole@cbl.leeds.ac.uk
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: SECURITY LEAK in ncsa httpd - PLEASE READ THE DOCUMENTATION
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 621

Marc,

>An erroneous assumption does not a SECURITY LEAK make, when the docs
>clearly state the facts.

Strictly thats not true if its easy to leave a loophole through not
reading the docs (in detail) that mistake is going to be made by many
people.  Some 'damage' is bound to have been done just because
its all too easy to setup like this and cause a security leak (potential
or actual).  I wouldnt be suprised if some managemnts immediately
pulled some plugs.  Equally I wouldnt be suprised if on some sites
people are exploiting this hole and keeping quite.

Dont get me wrong you know whose side I am on....

Andrew