Re: tlug: cgiwrap -some suggestions

["Jonathan Byrne" <jpmag@example.com>]

-----Original Message-----
From: Craig Oda <craigoda@example.com>
To: tlug@example.com <tlug@example.com>
Date: 1998”N3ŒŽ28“ú 0:06
Subject: Re: tlug: cgiwrap -some suggestions


>.cgi.   If we trust the people using the tpj-jp directory,
>we don't really need cgiwrap.    It might be good for


I'm not familiar with CGIwrap, so I'm not sure how much (if any) of a burden
it would place on people to have it as opposed to not having it, but I think
there are two ways that "trust" can be defined.  One is "trust the TLUG
members not to deliberately do anything to compromise the security of the
server."  Another definition is "trust that no one will ever have a security
lapse that they are unaware of but that exists through a bug, a security
hole in their CGI program, etc., and that no one will ever find this hole
and exploit it."  CGIwrap, if I understand this much correctly, seems aimed
at preventing accidents rather than at saying "We don't trust our people (in
the sense of the first definition)."  If that is the case and there is no
excessive burder, perhaps it might be better to have it?

If it really does present a burden, of course we might have to re-think that
and either get something else or have nothing.  CGI is, after all, something
that brings a certain amount of security risk with it no matter how well you
protect yourself, and we might just have to live with that.

Opinions?

Jonathan

---------------------------------------------------------------
Next TLUG Meeting: 11 April Sat, Tokyo Station Yaesu gate 12:30
Featuring Tague Griffith of Netscape i18n talking on source code
---------------------------------------------------------------
a word from the sponsor:
TWICS - Japan's First Public-Access Internet System
www.twics.com  info@example.com  Tel:03-3351-5977  Fax:03-3353-6096