On Thu, Feb 22, 2001 at 03:09:36PM -0900, Ethan Benson wrote:
> several years ago there was a silly `Crack a Mac' contest and someone
> managed to exploit a cgi script and deface the web site served by the
> Mac. in most cases such an attack would never allow site defacment on
> unix since the site is not owned by the webserver UID that the cgi
> script generally runs as.
Point of note... cgi scripts for a site are generally setup to run as
the user who owns the site so that if a cgi script is hacked, the damage
is restricted to said site and not the webserver itself or the system
as a whole.
--
CaT ([EMAIL PROTECTED]) *** Jenna has joined the channel.
<cat> speaking of mental giants..
<Jenna> me, a giant, bullshit
<Jenna> And i'm not mental
- An IRC session, 20/12/2000
