[Seaside-dev] Re: [Pharo-project] Web app security
dhenrich at vmware.com
Sat Aug 6 12:31:47 UTC 2011
----- Original Message -----
| From: "laurent laffont" <laurent.laffont at gmail.com>
| To: "Seaside - developer list" <seaside-dev at lists.squeakfoundation.org>, "An open mailing list to discuss any topics
| related to an open-source Smalltalk" <pharo-project at lists.gforge.inria.fr>
| Sent: Saturday, August 6, 2011 3:06:38 AM
| Subject: [Pharo-project] Web app security
| with a public SmallHarbour (public fork of SeasideHosting -
| smallharbour.org ) people can upload images that do bad things:
| change filesystem, run commands, ....
| Actually, what are the ways of securing a server so people can't do
| bad things ?
| I'm thinking of:
| - run the vm/image within a low right unix account
| - remove dangerous plugins (OSProcess, ?)
| Can we easily chroot ?
| what are known solutions ?
More information about the seaside-dev