Re: web documentation

To: Jim Pick <jim@jimpick.com>
Cc: Michael Stone <mstone@itri.loyola.edu>, debian-user@lists.debian.org
Subject: Re: web documentation
From: Nathan E Norman <nnorman@cfni.com>
Date: Wed, 11 Jun 1997 08:59:01 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.3.96.970611085513.21662A-100000@endor.cfni.com>
In-reply-to: <[🔎] 199706110434.VAA27543@fleming.jimpick.com>

On Tue, 10 Jun 1997, Jim Pick wrote:

:
:> Hmm. You want to have people run a web browser as root and run cgi
:> scripts with root privilage. Please don't make this a default. I
:> can't think of any way to make this secure. It would be better
:> to hack together some kind of front end, or hack lynx into some
:> kind of dedicated engine. The possibilities for accidents are
:> too great if you run the scripts directly from lynx.
:
:That's true - but any time you allow logins into a system, you risk
:making it insecure.  Debian provides all sorts of ways to log in to
:a system "by default" - but it is easy to turn them all off.
:
:Current web servers like Apache and Roxen are extremely configurable,
:which makes them really easy to misconfigure.  So I don't think
:allowing this type of access using them is a wise move.
:
:It might be useful to use a specialized web server that is not
:very configurable, but has an extra emphasis on security.  This
:could run on a non-standard port from /etc/inetd.conf, so it
:wouldn't conflict with a web server on the same system which
:was intended for normal uses.

This is essentially what the BSDI folks have done with their
configuration product, called Maxim.  It seems to work ok, but since I'm
more comfortable at the command line, I turned it off.  Now, BSDI is not
necessarily the pinnacle of configurability, but they've had Maxim since
2.1 at least ... the concept seems to be working well for them.

I personally would like to see an install program that defaults to
newbie behaviour unless a flag is specified or one of the first choices
is "expert mode", so that so-called experts don't have to fight through
helpful menus and the like.  (Some of us are stubborn).

My 2 cents.

--
  Nathan Norman    :    Hostmaster CFNI    :    nnorman@cfni.com
    finger nnorman@cfni.com for PGP public key and other stuff
Key fingerprint = CE 03 10 AF 32 81 18 58  9D 32 C2 AB 93 6D C4 72
--


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Follow-Ups:
- Re: web documentation
  - From: Jean Pierre LeJacq <jplejacq@quoininc.com>

References:
- Re: web documentation
  - From: Jim Pick <jim@jimpick.com>

Prev by Date: Re: Best e-mail approach for discon. sites
Next by Date: Re: zip ECP/EPP driver?
Previous by thread: Re: web documentation
Next by thread: Re: web documentation
Index(es):
- Date
- Thread