[Info-vax] HTTP and HTML File Upload Basics
Arne Vajhøj
arne at vajhoej.dk
Fri Oct 23 20:41:36 EDT 2020
On 10/23/2020 10:07 AM, Phillip Helbig (undress to reply) wrote:
> In article <rmuluj$ch$2 at dont-email.me>,
> =?UTF-8?Q?Jan-Erik_S=c3=b6derholm?= <jan-erik.soderholm at telia.com>
> writes:
>> But even so, it is not hard to make a public web interface to
>> a VMS box secure. It is not like letting everyone have an open
>> interface to DCL.
>
> Right. Run the server on an account with no privileges and, if you
> wish, have password-protected pages. These can use the SYSUAF and
> produce VMS intrusions in case of problems, which you can tailor to
> taste. Let it use a disk used by nothing else. Adjust process priority
> and quotas. Run HTTPs if you wish.
If you allow any type of upload and you are not careful, then
you can still get into big problems with a no priv setup.
Arne
More information about the Info-vax
mailing list