Karn Kallio wrote:
Trusting the webserver user means that multiple applications sharing that server can interfere with each other through the cache files. Each application is forced to trust all of the other applications. Is that ok?
Unless I misunderstand, that would be okay. By "application," do you mean process? Other software like, say, emacs or minesweeper shouldn't be running as the webserver user. Links itself, running in another process, wouldn't self-interfere, as long as it followed the policy of hashing the complete pathname. Other software shouldn't really touch the same files, since the filenames would be "unguessable": they'd have (say) a prefix unique to Links, or even unique to the Links version. Also, each user (each real user, as opposed to Unix user) could point Links at their own caching directory, if they were worried about collisions.
This wouldn't be meant to enforce a high level of security; that could be done using standard Unix security techniques. I only want to ensure that ordinary operation of several casual users on a shared host would work safely.
Everyone happy? Ezra -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. _______________________________________________ links-users mailing list [email protected] http://lists.inf.ed.ac.uk/mailman/listinfo/links-users
