Skip to main content.
home | support | download

Back to List Archive

Re: Security issues

From: Bill Moseley <moseley(at)>
Date: Mon Jan 24 2005 - 17:31:56 GMT
On Mon, Jan 24, 2005 at 05:56:38PM +0100, Philippe de Rochambeau wrote:
> Hello,
> Apart from not tainting the swish.cgi variables or forking swish-e, 
> what would you call "insecure usage" on Unix?

General poor usage of CGI script -- allowing user input to go through
the shell, for example.  Not correctly escaping user input.  Bad file
permissions.  Running swish as root or as a user that has too much
access.  Things like that.

Your question was a bit to general to give you any specific answers.

Bill Moseley

Unsubscribe from or help with the swish-e list:

Help with Swish-e:
Received on Mon Jan 24 09:31:56 2005