owhttpd safety: File system.
owhttpd is very safe. There is only 2 places in the code where any file operations are done: 1. The "PID" file, which is set from the command line and specifies a file to write the pid number to. 2. The "configuration" file, again specified from the command line. Both files must be named explicitly, and are optional. No file operations are otherwise performed, so your content is safe. Memory. Extensive testing shows no memory leaks. No arbitrary length input is accepted. Input buffer contents (what we write to a 1-wire chip) is dynamically allocated, so not at a consistent location, making buffer overrun and arbitrary code execution more unlikely. Memory usage is relatively modest and scales with the number of devices, and the number of concurrent connections. Christian's changes to limit simultaneous requests should protect here. Hardware The only hardware accessed is the 1-wire bus masters. The bigger risk, the USB adapter, must have the correct vendor and product code to be accessed. So I'd guess that people access an public owhttpd should be pretty safe, as long as the 1-wire devices aren't controlling something delicate. Paul Alfille On Mon, Jul 6, 2009 at 6:19 PM, Gregg C Levine<[email protected]> wrote: > Hello! > Steinar, you are worried when a search robot, such as from Google or worse a > spam generator robot finds it? Google would be interested, if you've left > off the contact information for you, you've got nothing to worry about. > > Paul this is a good question. How secure is the server who delivers stuff > via owhttpd? > -- ------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/blackberry _______________________________________________ Owfs-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/owfs-developers
