[267] in WWW Security List Archive
Message Router delivery notification message
daemon@ATHENA.MIT.EDU (mrgate@bt-web.bt.co.uk)
Wed Dec 14 04:46:58 1994
From: mrgate@bt-web.bt.co.uk
X-Vms-To: R11F::NS1.RUTGERS.EDU::WWW-SECURITY
To: www-security@ns1.rutgers.edu
Date: Wed, 14 Dec 1994 07:28:08 +0000
Reply-To: www-security@ns1.rutgers.edu
RE Message ID: G2072495314DEC199407233730
UA content ID: BOUNCE www-security@nsmx.rutgers.edu: Admin request
Generated by node: WEBC
Attempted delivery to:
Userid : RABSON J <--
Arrival date : 14-DEC-1994 07:23
This delivery failed. Failure reason was "unable to transfer".
Diagnostic was "unrecognised recipient name".
Message-id: G2072495314DEC199407233730
From: NAME: www-security <www-security@ns1.Rutgers.EDU@R11F@MRGATE@WEBCS>
Subject: BOUNCE www-security@nsmx.rutgers.edu: Admin request
To: RABSON J
From owner-www-security Tue Dec 13 23:13:27 1994
Received: from wilgate.wiltel.com (wilgate.wiltel.com [165.122.210.70]) by ns1.rutgers.edu (8.6.8.1+bestmx+oldruq/8.6.6) with SM
Received: from banyan.wiltel.com by wilgate.wiltel.com with SMTP id AA10337
(5.67b/IDA-1.5 for <www-security@ns1.Rutgers.EDU>); Tue, 13 Dec 1994 22:15:04 -0600
Received: by banyan.wiltel.com; Wed, 13 Dec 95 22:13:35 -0600
Date: Sun, 10 Dec 95 19:57:34 +6816
Message-Id: <,eg8+iFunka@banyan.wiltel.com>
From: MAILER-DAEMON@banyan.wiltel.com
To: www-security@ns1.Rutgers.EDU
Subject: Undeliverable Message
X-Incognito-Sn: 386
X-Incognito-Format: VERSION=1.71 ENCRYPTED=NO
To: www-security@ns1.rutgers.edu
Cc:
Subject: Re: Secure W3 Server
Message not delivered to recipients below. Press F1 for help with VNM
error codes.
VNM3036: David Cordeiro@Marketing@WilTel
------------------ Error number Explanation Follows -------------------
VNM3036 -- RETRY PERIOD EXPIRED.
If a user sends a message with an unverifiable
address, Mail will keep trying to deliver the
message for a time period specified by the message
expiration time. If the message cannot be
delivered within that period, the sender receives
a notice of undeliverable mail with this error code.
Check the address on the message, and make any
necessary corrections. If the address appears to
be correct, verify that the connections to the
recipient are working properly and that the
recipient's group still exists.
---------------------- Original Message Follows ----------------------
Let me express my perspective on the subject:
WWW server security is not just limited to protecting
the server from being 'torpedoed'.
I recently participated in the design of a private WWW wide area
network to experiment with the concept of on-line multimedia
shopping. In this context, WWW servers are used as interfaces to
large amounts of commercial-quality video clips, still pictures,
and digital sound that can be purchased on-line.
For this kind of application, preventing the data from being READ or
retrieved by unauthorized users is more important than protecting
the files and the server themselves (the multimedia content
providers have lots of backups).
Imagine you have the digital version of Madonna's next CD on-line,
and find out that it was stolen by hundreds of Web hackers.
A WWW sever running in a chroot'ed environment still needs to be
able to access the content files, therefore they need to be stored
under the restricted file system subtree.
The only good solution to this problem is strong authentication,
which is what SHTTP, Shen, and SSL are for, right?
====================================================
Bich C. Le (also known as Tchiu)
Graduate Student in Computer Science
University of California at Davis
eMail: leb@cs.ucdavis.edu
====================================================
