public inbox for overseers@sourceware.org
* Security weakness in josi setup
From: Jason Molenda @ 2000-10-16 15:29 UTC
  To: overseers

This change to httpd.conf:
 
+<Directory /www/sourceware/htdocs/josi>
+  AllowOverride All
+</Directory>
+<Directory /www/sourceware/ml/josi>
+  AllowOverride All
+</Directory>
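
Review bot: `AllowOverride All` in both `<Directory>` blocks, and most of all the one for /www/sourceware/ml/josi, lets any .htaccess file under those trees override every directive class, not only authentication. If the aim is password protection, narrow both to `AllowOverride AuthConfig`, or put the auth directives directly in these `<Directory>` blocks in httpd.conf and leave AllowOverride untouched. A comment above each block saying why the override is needed would also help, since the change itself carries no explanation.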

is a bad idea, particularly the mailing list part of it.  It isn't
clear who made the change (it was done as root), but you haven't
thought through the security implications of mhonarc web archives
without those limitations.

If you want to provide password protection, I'd recommend finding
a more specific way of doing it instead of overriding the security
measures.  This is really important.

Jason


* Re: Security weakness in josi setup
From: Tom Tromey @ 2000-10-16 18:52 UTC
  To: Jason Molenda; +Cc: overseers

Jason> It isn't clear who made the change (it was done as root), but
Jason> you haven't thought through the security implications of
Jason> mhonarc web archives without those limitations.

It was me.
I'll contact you off-list.

Tom

