[3369] in WWW Security List Archive
NeoWebScript security?
daemon@ATHENA.MIT.EDU (Prentiss Riddle)
Thu Oct 24 19:23:21 1996
From: riddle@rice.edu (Prentiss Riddle)
Date: 24 Oct 1996 21:05:33 GMT
Apparently-To: <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Has anyone heard heard of NeoWebScript, or have an opinion about its
possible security problems?
One of my users is asking that I support it and I want to look before I
leap.
As I understand it, NeoWebScript is a language which can be embedded in
HTML and activated via server-side includes, so that it can generate
on-the-fly features in an HTML document. It is based on Safe Tcl,
which is supposed to address the security concerns raised by
server-side includes, although the NeoWebScript documentation I've seen
doesn't go into much detail about its security model.
Basic information on NeoWebScript is available from:
http://www.NeoSoft.com/neoscript/index2.html
Anyone know any more about it? Are there any security gotchas in
NeoWebScript? Is it widely used outside of the ISP where it originated,
neosoft.com? Questions for any NeoWebScript experts out there: Can it
be made to work with NCSA httpd or does it require Apache? Does
enabling it require enabling Server-Side Includes in general or can
SSIs be restricted to NeoWebScript alone?
-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
-- Opinions expressed are not necessarily those of my employer.
