[NBLUG/talk] Fwd: Re: Gallery 1.3.3
error
error at sonic.net
Sat Jun 21 03:27:01 PDT 2003
On Fri, 2003-06-20 at 19:51, Mark Street wrote:
> And this is in response to the post by error regarding the security problems
> with gallery. ; ) The truth, the whole truth, so help me God. I save my old
> Bugtraq posts..... This discussion might help Augie with his decision.
>
> while the bugtraq post is technically correct, it inaccurately
> portrays Gallery as having a large gaping security hole that we could
> fix. The truth is that this is not a problem that can be solved by
> changing code in Gallery. This problem exists with any content
> management application on a shared webserver with a weak security
> policy.
This was a good description of sonic's web services last I checked, no?
Any dynamic script that doesn't actually have usernames and passwords as
well as the ability to change files around should be semi-safe to run.
Anything more than that and it's not really worthwhile if you care. But
one thing about security is that for the most part, no one cares.
error <error at sonic.net>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 155 bytes
Desc: This is a digitally signed message part
Url : http://nblug.org/pipermail/talk/attachments/20030621/a0b9b120/attachment.pgp
More information about the talk
mailing list