- From: <Bertrand.Ibrahim@cui.unige.ch>
- Date: Wed, 10 May 2000 15:04:16 +0200
- To: www-amaya@w3.org
Irene.Vatton@inrialpes.fr said: > Using http 1.1 the publishing is more secure than ftp provided that > you request passwords for publishers. It would be foolish not to require passwords. But even with passwords, I think you're a little over-optimistic here. I've been using the PUT method with the Apache server for a few years now, and here are the problems I see with it: 1) the site administrator has to provide a script for the PUT method. That person might not be very experienced in regard to security problems and might therefore leave, in the PUT script, security holes. I wrote such a script at the time, and tried to forsee all possible problems, but I'm not sure I covered all possible loopholes. (for those interested, the script, written in Tcl, is available at http://cuisung.unige.ch/Gestion/put.txt 2) The directories in which users might save documents with the PUT method have to be writeable by the user under which the Apache server runs. This is usually not a problem for the server's main directories, but is usually difficult to implement for users' private web space ($HOME/public_html/). If somebody has a solution for that one, I'd be interested in hearing from them. Peace, Bertrand Ibrahim. -------------------------------------------- Bertrand.Ibrahim@cui.unige.ch http://cui.unige.ch/eao/www/Bertrand.html
Received on Wednesday, 10 May 2000 09:04:21 UTC