Loading ...
Sorry, an error occurred while loading the content.

Re: "ocaml_beginners"::[] security for web hosting

Expand Messages
  • Martin Jambon
    ... A few words from Xavier Leroy on that topic: http://caml.inria.fr/pub/ml-archives/caml-list/2002/02/944945f507884d41bad70d4d47a6ab39.en.html ... -- Martin
    Message 1 of 11 , May 31, 2006
    • 0 Attachment
      On Wed, 31 May 2006, Christophe TROESTLER wrote:

      > On Tue, 30 May 2006, Florent Monnier <fmonnier@...> wrote:
      >>
      >> And what would you think about overloading in the stdlib the functions that
      >> could cause security problems, like for exemple the one to read files:
      >> http://caml.inria.fr/pub/docs/manual-ocaml/libref/Pervasives.html#VALopen_in
      >
      > Not sure to follow you here. If you think this overloading will make
      > it safe, forget it. For example you cannot forbid the programmer to
      > use the external keyword to bind to whichever C function he likes.

      A few words from Xavier Leroy on that topic:

      http://caml.inria.fr/pub/ml-archives/caml-list/2002/02/944945f507884d41bad70d4d47a6ab39.en.html


      > In any case this is a non issue with the remote FCGI or AJP connectors
      > as the process runs with your user id -- it cannot do anything you are
      > not allowed to do logging to the box. In other words : you mess with
      > your files as you like but nothing else ! :)
      >
      >
      > Cheers,
      > ChriS
      >
      >
      >
      > Archives up to August 22, 2005 are also downloadable at http://www.connettivo.net/cntprojects/ocaml_beginners/
      > The archives of the very official ocaml list (the seniors' one) can be found at http://caml.inria.fr
      > Attachments are banned and you're asked to be polite, avoid flames etc.
      > Yahoo! Groups Links
      >
      >
      >
      >
      >
      >
      >

      --
      Martin Jambon, PhD
      http://martin.jambon.free.fr

      Edit http://wikiomics.org, bioinformatics wiki
    Your message has been successfully submitted and would be delivered to recipients shortly.