Jeffrey Hutzelman wrote:
>
>> 3) Specifically for the web server example, in your proposal, a malicious
>> web page could fork() itself, exit the parent thread, and wait around and
>> start collecting other authentications, as the web server changed the
>> authentication in the PAG for other requests. Yuch.
>
>Web pages can't call fork() or any other system call; they're just data.
>Of course, if you have a web server that runs programs provided by
>untrusted users, then you have a whole world of potential problems.

You are correct; would "untrusted cgi/script" have been better? We have this situation, and our solution is able to provide AFS authentication for these scripts in a secure manner.

Dave
