Re: [cgiapp] Trying to understand how CGI::App works

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cgiapp] Trying to understand how CGI::App works

Subject: Re: [cgiapp] Trying to understand how CGI::App works
Date: Tue, 30 Sep 2003 08:55:42 -0400
From: Eric Moore <suppressed>

on 9/29/03 3:31 PM, Christopher Hicks at suppressed wrote:

> Basically
> there's no reason random end users should ever know what your code is
> written in. 

It's trivial for a capable attacker to determine OS/http Server/script
language.  The point is not the language, per se, but the abilities of the
script writer and the server administrator.  Using the 'popular pearl
scripts' (e.g. the old sendmail.pl script that was full of holes) is a false
friend. 

Changing the file suffix may slow down the script kiddies, but the 'pros'
are pounding memory buffers and TCP stacks.

---------------------------------------------------------------------
Web Archive:  http://www.mail-archive.com/suppressed/
              http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed

Follow-Ups:
- Re: [cgiapp] off topic ruminations on security through obscurity
  - From: Christopher Hicks
- Re: [cgiapp] Trying to understand how CGI::App works
  - From: Steve Comrie

References:
- RE: [cgiapp] Trying to understand how CGI::App works
  - From: Christopher Hicks

Prev by Date: RE: [cgiapp] Trying to understand how CGI::App works
Next by Date: Re: [cgiapp] off topic ruminations on security through obscurity
Previous by thread: RE: [cgiapp] Trying to understand how CGI::App works
Next by thread: Re: [cgiapp] off topic ruminations on security through obscurity
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.