Use AppleScripts to generate web pages
Authored by: klktrk on Dec 22, '03 01:50:45PM

Hear! Hear! Ditto what the two above said. Remember also that if your Web server is 'online'... i.e., accessible from the greater Web, then you're not only putting your own personal machine and data at risk, but you're also putting the online community at risk. Someone finds a hole in one of your scripts (it happens all the time), and gains your admin privileges. Using that access, they can create a spam relay, or a spamvertizer site, or launch denial of service attacks, or store child porn ... etc etc....

There are GOOD reasons Apache is set up the way it is. Circumventing its security policies puts us all at risk...



Use AppleScripts to generate web pages
Authored by: jkooy on Dec 23, '03 12:58:10AM

I guess I don't see it. I thought the whole point of using server-side includes was so that you could not see the script or control it and therefore your security risk is minimal. Also, since there is really no way of posting to the AppleScript, I don't see how anyone could just randomly gain control of the system. I guess what I could see happen is that someone could upload an shtml page to my website and use that to control my computer. But the only way that would happen is if they were able to gain access to my computer in the first place. I guess I don't really see what the security risk is. Can you explain more of what you mean? Thanks.



Use AppleScripts to generate web pages
Authored by: grrl_geek on Dec 23, '03 01:03:06PM

I'm not a security expert by any means, but I can think of an example. Some scripts that allow input (and aren't coded correctly) are vulnerable to a buffer overflow exploit. From what I understand, this is when Mr. Evil Guy sends more data than expected, and then is able to overwrite some of the system memory with his code. Exactly how one would do this I'm not sure, but I know it can be done. Is done, all the time.

It's easy to write bad code, and often hard to see what the problem is with it. If there's one thing I've learned about the internet, it's that I'm good with computers, but there are a whole lot of people who are better than I. If a good product like Apache has things set up a particular way, there's a reason, and I should understand that reason before I mess with it.

---
~~~~~~~~~~~~~
Sinker sucker socks pants, apocryphal awry!


