[1575] in WWW Security List Archive
Re: _DNS_ security problems
daemon@ATHENA.MIT.EDU (Dan Stromberg)
Sat Mar 2 21:10:17 1996
Date: Sat, 2 Mar 1996 15:41:12 -0800 (PST)
From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
To: Rich Salz <rsalz@osf.org>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <9603022136.AA05320@sulphur.osf.org>
Errors-To: owner-www-security@ns2.rutgers.edu
On Sat, 2 Mar 1996, Rich Salz wrote:
> I'll start by saying that your not confused me. On alternate readings it
Huh?
Anyway, I'm not sure you and I _do_ disagree.
> seemed to me that you switched viewpoints and now agree with me. But in
> true email style, I won't let that stop me arguing with you. :)
:)
> >Are you saying that the folks working on sendmail are _not_ responsible
> >for knowing the implications of using syslog? Eric scheduled and
> >deployed a fix - the java team has apparently scheduled one.
>
> No, whoever uses syslog should know its limitations. Knowing C and knowing
In an ideal world, sure, everyone would be omniscient.
However, it makes at _least_ as much sense to fix the oddities in
syslog/DNS, as it does to slap the hands of people who wrote code that
does not take those oddities into account. I tend to argue that it makes
"more sense".
