[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Policy based on the wrong technical assumptions



ig25@mvmap66.ciw.uni-karlsruhe.de (Thomas Koenig)  wrote on 01.07.97 in <199707010943.LAA31745@mvmap66.ciw.uni-karlsruhe.de>:

> Christoph Lameter wrote:
>
> >Security issues can be addressed by authentication provided by the
> >webserver.
>
> Yet another large and potentially buggy piece of software running on a
> system.  Yet another chance to mess up configuration files in a
> security-relevant way.  I don't think these two issues can be addressed
> by authentication provided by the webserver :-)

True.

However, you can solve them by making a very small, simple web server  
that's restricted to /usr/doc and localhost connections. This shouldn't  
require rocket science.

You might even do a web server that runs as the user wanting to read that  
documentation (started in the background by whatever command replaces  
man).

MfG Kai


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .


Reply to: