Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search


From: matt:blis at: 15-Sep-2001 11:14

> From: [rebol-bounce--rebol--com] [mailto:[rebol-bounce--rebol--com]] > On Behalf Of john > > I don't get it Ryan? Why would not having to "install" Rebol make a > security hole?
As Ryan pointed out with his very astute example, placing the Rebol binary in the cgi-bin does two things: 1) it allows your Rebol executable to be used in any url on your server 2) it allows *anyone* to do 1) Due the the nature of Rebol being able to 'do remote scripts, someone could quite easily write a script to send files/passwords/do system commands on YOUR server. This is Not A Good Thing(tm) Matt.