From: Olivier D. <dr...@sh...> - 2002-01-31 13:44:41
On Thu, Jan 31, 2002 at 08:25:53AM -0500, Olivier Dragon wrote:
> I see how it could be *hard* to generate config automatically but how is
> this a security hole if 1.) it doesn't take CGI input 2.) it's run only
> once and creates a config file used thereafter? I guess it could become
> a security hole if it's done incorrectly and we end up with wrong config
> data.

I guess I didn't think this through. It's almost certain we won't have write permission in the cgi-bin directory and therefore we can't generate a config file that is useable (we could always do it in /tmp but then it might not be so useful). Which leaves the option of running a configurator every time: this sucks cpu power and could be a security issue.

All in all, the idea of an automatic configurator isn't so good, IMHO. I think if the user can't figure out they have to edit the script configuration then they shouldn't be allowed to use the script. Same if they can't configure properly. I mean we have fairly extensive READMEs, and, AFAIK, there's not much else we can do to help them. They have to configure the script or else it's useless.

-Oli

--
+----------------------------------------------+
| Olivier Dragon                   dr...@sh... |
| Software Engineering II, McMaster University |
+----------------------------------------------+