mhonarc-dev

Re: mod_perl [was: Newbie...]

2003-02-07 16:59:20
On February 8, 2003 at 00:40, Gunnar Hjalmarsson wrote:

And how would incoming messages be piped in automatically?  If you 
are implying some HTTP method, this can be very insecure.  The only 
way to do this securely is to have mhastart.pl accessible only via 
an SSL connection and password access.  A client (maybe written in 
LWP) could be written that connects via HTTPS, and sends the proper 
username/password with the message.  Of course, the access to the client 
itself would need to be protected to avoid someone getting access 
to the password.

Do you mean that invoking MHonArc from a script run under mod_perl 
requires a higher security level than when invoked from a CGI script?

No, they both require the same level of security, especially if
doing any automated based invocation.

However, mod_perl does carry some more risk since any "script"
is running within the context of an HTTP server process and not
an isolated process like a CGI program is.

In the end it's of course up to each user to choose based on an 
evaluation of potential risks in the light of the nature of the archive, 
supplementary backup procedures etc.

The problem is people fail to make a proper evaluation, typically
making the false assumption that "I do not have anything of worth."
When there are straight-forward steps for making things more secure,
they should be done.  The cost of dealing with someone who has hacked
into your data is much higher than the cost of setting up decent road
blocks to prevent such events.

--ewh
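
The following is an added example, not part of the original post or of MHonArc: a sketch of the kind of LWP client the thread describes, which submits one message over HTTPS with a username/password and refuses to run if its credentials file is readable by other users. The URL, the credentials file path and its `user:password` format, and the assumption that the endpoint accepts the raw message as a POST body are all hypothetical.

```perl
#!/usr/bin/perl
# Added example. Assumptions (not from the thread): the URL, the credentials
# file path and its one-line "user:password" format, and that the endpoint
# accepts the raw message as the POST body. Needs LWP::Protocol::https.
use strict;
use warnings;
use Fcntl ':mode';
use LWP::UserAgent;
use HTTP::Request;

my $url       = 'https://archive.example.org/cgi-bin/mhastart.pl';  # placeholder
my $cred_file = '/etc/mha-submit/credentials';                      # placeholder

# Refuse credentials that another account could read or replace.
sub read_credentials {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!\n";
    my @st = stat $fh or die "cannot stat $path: $!\n";
    die "$path must be owned by the invoking user\n" unless $st[4] == $>;
    die "$path must not be accessible by group/other (chmod 600)\n"
        if $st[2] & (S_IRWXG | S_IRWXO);
    chomp(my $line = <$fh> // '');
    close $fh;
    my ($user, $pass) = split /:/, $line, 2;
    die "$path: expected user:password\n"
        unless defined $pass && length $user && length $pass;
    return ($user, $pass);
}

die "refusing non-HTTPS URL\n" unless $url =~ m{^https://}i;
my ($user, $pass) = read_credentials($cred_file);

my $ua = LWP::UserAgent->new(
    ssl_opts          => { verify_hostname => 1 },  # validate the server certificate
    protocols_allowed => ['https'],                 # never fall back to plain HTTP
    max_redirect      => 0,                         # do not resend credentials elsewhere
    timeout           => 30,
);

my $message = do { local $/; <STDIN> };             # the message is piped in on STDIN
die "empty message\n" unless defined $message && length $message;

my $req = HTTP::Request->new(POST => $url);
$req->authorization_basic($user, $pass);            # sent only inside the TLS session
$req->content_type('message/rfc822');
$req->content($message);

my $res = $ua->request($req);
die 'submission failed: ' . $res->status_line . "\n" unless $res->is_success;
print 'submitted: ', $res->status_line, "\n";
```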
