On Wed, Mar 14, 2001 at 12:46:45PM +0000, Jon Eyre wrote:
> oops...
Heh. Just remember, Evil Dave is the paranoid nutcase, Dave Cross is the
one with the gold-plated cat.
> > At Wed, 14 Mar 2001 13:05:05 +0000, David Cantrell <[EMAIL PROTECTED]> wrote:
> >
> > > Evil Dave's server does *not* use seperate cgi-bin directories - but
> > > then, there's no ftp file upload, and the ftp root is in a different
> > > place from the web root anyway, and HTTP file upload is also not
> > > permitted.
>
> Evil Dave's server is therefore a different beast to a hosting company's
> server, which isn't really much use if their customers can't get anything
> on to it.
My several users use scp. All of them can put anything they want on there.
If you're doing hosting and letting people upload code, you have no choice
but to trust your users. *BUT* by avoiding grotesqities like ftp, and by
setting permissions sanely, third-parties are hard-pressed to compromise
the server.
--
David Cantrell | [EMAIL PROTECTED] | http://www.cantrell.org.uk/david/
This is a signature. There are many like it but this one is mine.
** I read encrypted mail first, so encrypt if your message is important **
PGP signature
