[3376] in WWW Security List Archive
Re: NeoWebScript security?
daemon@ATHENA.MIT.EDU (John Robert LoVerso)
Fri Oct 25 12:25:38 1996
To: riddle@rice.edu (Prentiss Riddle)
Cc: www-security@ns2.rutgers.edu
In-reply-to: Message from riddle@rice.edu (Prentiss Riddle)
<54olmt$l20@listserv.rice.edu> .
Date: Fri, 25 Oct 1996 09:51:08 -0400
From: John Robert LoVerso <john@loverso.southborough.ma.us>
Errors-To: owner-www-security@ns2.rutgers.edu
I do not believe there are any "gotchas" in NeoWebScript. It is significantly
safer thant the #exec method of server side includes. In fact, you can liken
it's abilities to the Tcl plugin for Netscape/IE3.
Either way, it can't do anything to the user's browser, since the browser
never sees it.
John
(I believe it is limited to Apache; the rest of your questions should
probably be sent to the folks at Neosoft).
