[1703] in WWW Security List Archive

SWISH/WWWWAIS access control gotchas?

daemon@ATHENA.MIT.EDU (Prentiss Riddle)
Fri Mar 22 16:06:33 1996

From: Prentiss Riddle <riddle@is.rice.edu>
To: www-managers@lists.stanford.edu, www-security@ns2.rutgers.edu
Date: Fri, 22 Mar 1996 10:58:27 -0600 (CST)
Errors-To: owner-www-security@ns2.rutgers.edu

I want to set things up so my users can build their own searchable
indexes of web pages, and in the interest of simplicity I'm thinking of
going with SWISH 1.1 and WWWWAIS 2.5.

One concern of mine is that many gateways (CGI or otherwise) fail to
take access control sufficiently into account.  Often they contain
loopholes which can be used to retrieve files which either should not
be served out at all or should be served out only within the
organization.  A cursory look at SWISH and WWWWAIS doesn't reveal any
such holes, but I thought I'd ask here to see if anyone else had
noticed any.

Please reply by *MAIL* and I will summarize if I learn of any
problems.  Thank you.

For more information on SWISH and WWWWAIS, see:

	http://www.eit.com/software/swish/swish.html
	http://www.eit.com/software/wwwwais/wwwwais.html

-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
-- Opinions expressed are not necessarily those of my employer.
