At 11:09 am -0500 8/1/03, Richard MacLemale wrote:
Changing topic slightly...It's the metacard engine for Darwin. You can slap it into your CGI-EXECUTABLES folder and then write MetaTalk scripts to do cool CGI stuff.
I've seen a number of recommendations recently to put the mc cgi engine in the same folder as the cgi scripts themselves. Is there any possible security issue with this?
For example, there are many warnings on the Web not to put the Perl engine for Win32 systems in the public cgi-bin directory. The reason is that the executable can be called directly from a url reference and a script passed as a parameter, allowing all kinds of untold damage to be done. I was wondering whether something equally devious was feasible with Metacard. While I haven't found a way to expoit this myself, I'd love the reassurance that it was perfectly safe approach.
Cheers
Dave
_______________________________________________
metacard mailing list
[EMAIL PROTECTED]
http://lists.runrev.com/mailman/listinfo/metacard
