[508] in WWW Security List Archive
Re: Security risks with CGI
daemon@ATHENA.MIT.EDU (John Hemming (Chief Executive Mark)
Sat Mar 4 09:08:42 1995
From: "John Hemming (Chief Executive MarketNet )" <JohnHemming@mkn.co.uk>
Date: Fri, 03 Mar 95 20:25:58 -800
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>Someone wrote about trusting PC programs bought from the
>shop not trashing your hard disk
If the Singapore Trader was good for £700 Million Barings
would not have to worry. Within the financial services
sector identifying clear credit limits is very difficult.
If part of a system falls a domino effect is possible. This
is one of the problems in determining the credit limit under
RTGS (real time gross settlement) systems for the dematerialisation
of securities in the UK.
One PC is one thing, but our main serving system is another.
Generally I would not give someone the power to trash the
hard disk without a sledgehammer and access to the premises.
> Its a question of having to be very carefull indeed. The cshell is
> As for VMS being "as bad". Well I certainly would not recommend anyone
> haven't
> known people clobber themselves with VMS.
At MarketNet we have written a server system that runs in
protected mode on top of DOS. When a server overloads it
passes uses to another server. We know exactly what people
can do because if we haven't written it they can't.
There is inherently a tradeoff between security and flexibility.
We have gone for the security option.
> But I
> wouldn't feel at all happy running a nuclear power station with them.
I wouldn't feel happy running a nuclear power station at all.
John
"Unix - what's that?"
