[51811] in Cypherpunks
Re: anonymous web pages (Was: SurfWatch)
daemon@ATHENA.MIT.EDU (Dan Cross)
Sat Mar 9 23:58:50 1996
To: Alex Strasheim <cp@proust.suba.com>
Cc: cypherpunks@toad.com
In-Reply-To: Your message of "Sat, 09 Mar 1996 20:22:16 CST."
<199603100222.UAA03114@proust.suba.com>
Date: Sat, 09 Mar 1996 23:50:57 -0500
From: Dan Cross <cross@math.psu.edu>
-----BEGIN PGP SIGNED MESSAGE-----
Content-Type: text/plain; charset=us-ascii
>
> [Much talk of anonymous web pages snipped for space]
>
This is an interesting idea, though I think a really really insecure one.
What's keeping someone from posting ``trojan web pages'' and then waiting
for the pages to be soaked up by servers? Something that says ``click
<here> to see the /etc/passwd file for this site!'' which runs some funky
CGI thing to cat /etc/passwd or, ``Enter your credit card number to buy
super wiz-bang gadget!'' or the like is a really scary, but very real,
possibility if great care is not taken in setting this kind of thing up.
News servers, on the other hand, don't suffer from this problem because
the data which they contain is much more passive in nature (at least, while
in the spool..) than HTML.
However, if someone would invest the time and effort in coming up with a
secure configuration, then it would be really really cool.
- Dan C.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMUJfqZ0xu5BHxyP9AQG2vgP+J52A6p1BdGHlhPBLN5U7BypdzHWsNc9b
Jydek+Rxbwi/sbmZ2T9Ggrnw+DcCn1eEvQGljfTf/+andwcYh8ptK05p6eGg/oKR
ZbNYwjs1xfQiA5NiH1af4r5SGkKbBQ0TC3aCZBOBnkzJAoujroZqoQm7dYC4u/1E
CsNEg3fE7P0=
=6Yfr
-----END PGP SIGNATURE-----
