Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Use AppleScripts to generate web pages' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Use AppleScripts to generate web pages
Authored by: jkooy on Dec 23, '03 12:58:10AM

I guess I don't see it. I thought the whole point of using server side includes was so that you could not see the script or control it and therefore your security risk is minimal. Also, since there is really no way of posting to the AppleScript I don't see how anyone could just randomly gain control of the system. I guess what I could see happen is that someone could upload an shtml page to my website and use that to control my computer. But the only way that would happen is if they were able to gain access of my computer in the first place. I guess I don't really see what the security risk is. Can you explain more of what you mean? Thanks.



[ Reply to This | # ]
Use AppleScripts to generate web pages
Authored by: grrl_geek on Dec 23, '03 01:03:06PM

I'm not a security expert by any means, but I can think of an example. Some scripts that allow input (and aren't coded correctly) are vulnerable to a buffer overflow exploit. From what I understand, this is when Mr. Evil Guy sends more data than expected, and then is able overwrite some of the system memory with his code. Exactly how one would do this I'm not sure, but I know it can be done. Is done, all the time.

It's easy to write bad code, and often hard to see what the problem is with it. If there's one thing I've learned about the internet, it's I'm good with computers, but there are a whole lot of people who are better than I. If a good product like Apache has things set up a particular way, there's a reason, and I should understand that reason before I mess with it.

---
~~~~~~~~~~~~~
Sinker sucker socks pants, apocryphal awry!



[ Reply to This | # ]