Re: NT Security (PERL)

• Subject: Re: NT Security (PERL)
• From: David Tauzell <tauzell@math.umn.edu>
• Date: Mon, 20 May 1996 14:41:33 -0500 (CDT)
• cc: www-security@ns2.rutgers.edu
• In-Reply-To: <v03006d0cadc4e79f0c53@[129.7.6.193]>

On Sun, 19 May 1996, Enrico Cantu wrote:

> At 12:28 PM  +0000 5/17/96, Jason M. Feilbach wrote:
> >I have recently read about the lack of security on Microsoft and
> >Apple operating systems when using webserver software and have PERL
> >services enabled. I cannot however, find any solution to the problem
> >mentioned. Nor is their a workaround. The only solution is to disable
> >(remove) PERL (perl.exe) which is not viable as these services are
> >important. We have many NT (v3.51) servers running Netscape 1.13.

1. check out http://w4.lns.cornell.edu/~pvhp/perl/ntperl.htm

2. Some claim that you can use the FileManager to associate *.pl files
with the perl interpreter.  I cannot test this as I don't have access to
an NT server.

3. The official info from Netscape (which might be old news to you) is
that you should write wrapper programs which are .exe, not .bat since
there is another security hole accociated with .bat files. 

The above reference contains pointers to the Netscape info.

---
David Tauzell         Math Dept. Systems Staff
Office  Phone: 625-4895

• Re: NT Security (PERL)
• From: Enrico Cantu <ecantu@uh.edu>

• Previous: Re: Macintosh Web Server Issues
• Next: Re: May, 1996 Java/Netscape hole from Princeton team
• Index(es):
  • Index
  • Thread