On Mon, 25 Oct 1999, Aengus Lawlor wrote:

> It's precisely because the CGI command makes Analog "simple to use, 
> simple to set up" that I'd prefer to keep it, if there was a simple way 
> to resolve the security issues. But I can see that that would involve 
> making Analog just a little bit more complicated internally, so sticking 
> with the separate CGI interface may be the best option.
> 

The point is also that it introduces a new set of security issues. OK, so
I can resolve the current ones. But maybe there are more that I haven't
thought of. These aren't the first, after all. Encouraging people to keep
extra executables in their cgi space could be asking for trouble.

I would prefer, if it doesn't impede functionality too much, to keep all the
security issues in one place (anlgform) where I can get them all in my head
at once, think very carefully about them, and document my solutions. (And
you can't make the form interface work at all until you've read at least
some of the documentation, so there is a much better chance that people will
read it there!)

-- 
Stephen Turner    [EMAIL PROTECTED]    http://www.statslab.cam.ac.uk/~sret1/
  Statistical Laboratory, 16 Mill Lane, Cambridge CB2 1SB, England
  "Due to the conflict in Kosovo, we will not be showing the movie Wag the
   Dog. Instead, we will show Mortal Kombat: Annihilation." Cable & Wireless

------------------------------------------------------------------------
This is the analog-help mailing list. To unsubscribe from this
mailing list, send mail to [EMAIL PROTECTED]
with "unsubscribe analog-help" in the main BODY OF THE MESSAGE.
List archived at http://www.mail-archive.com/analog-help@lists.isite.net/
------------------------------------------------------------------------