*HCS* ContactDB: review, modify, add

dmolnar dmolnar at hcs.harvard.edu
Thu May 18 23:15:08 EDT 2000


On Thu, 18 May 2000, Noam Zeilberger wrote:

> around by POST and checked before each request.  We think this is secure
> (except for sniffability, of course), but maybe there's some way to pass
> in variables that subverts it (dmolnar, you listening:?).

yeah, I'm reading. enb has Apache+SSL compiled on it. Sometime
after I'm done with finals on Tuesday I'll figure out whether Harvard
can sign a server cert for us -- that would get rid of the sniffability
problem.

As for passing in variables -- the first thing to look for would be
some kind of buffer overflow. Try passing in lots and *lots* of random
garbage and see what happens. :-)

Thanks, 
-David



