At 11:17 PM 08/01/01 -0700, SRE wrote:
>At 10:52 PM 8/1/01, Bill Moseley wrote:
>>Does anyone use swish-search?
>I use it. My sysadmin insisted!
>>I guess it's suppose to be a "safer" version
>>of swish-e since it can't write index files.
>Exactly. It's also "lighter weight", with a smaller memory footprint,
>but the main difference is that no hacker can possibly do anything
>to your system because swish-search simply can't open output files.
How is it lighter weight?
>>Does that imply that swish-e is not safe?
>Do air bags imply that your car is not safe? Nope. Just an extra layer.
But if air bags make people feel like they don't need to wear seat belts...
I guess my point was this: All swish-search does (at least AFAICT) is not
allow indexing or merging. The trouble I have with that is if there's a
way to initiate indexing or merging from a CGI script (when it's not part
of the script's design) then there's a problem with the CGI script.
Or really what I mean is, if someone can break through a poorly written CGI
script to make swish index or merge when the CGI wasn't designed to do
that, then your security problems are probably much worse that having an
index file destroyed.
swish-search shouldn't be an airbag that keeps people from fastening their
CGI seat belts. (oh that's bad.)
File permissions are probably a better way to address protection of the
index file unless you just must index from a web interface.
I do see the sysadmin benefit, though.
>I hope this build option does not go away in future releases.
Well, it's not a complicated build procedure: ;)
NAME = swish-e
cp -f $(NAME) swish-search
Received on Thu Aug 2 07:44:38 2001