[Info-vax] How would you load balance excess webserver traffic between multiple OpenVMS servers?

Dave Froble davef at tsoft-inc.com
Thu Jan 14 01:19:25 EST 2021 

On 1/13/2021 2:24 PM, Simon Clubley wrote:
> On 2021-01-13, Dave Froble <davef at tsoft-inc.com> wrote:
>> On 1/13/2021 8:17 AM, Simon Clubley wrote:
>>> On 2021-01-12, ultr... at gmail.com <ultradwc at gmail.com> wrote:
>>>> On Tuesday, January 12, 2021 at 1:49:51 PM UTC-5, Simon Clubley wrote:
>>>>> On 2021-01-12, ultr... at gmail.com <ultr... at gmail.com> wrote:
>>>>>>
>>>>>> and again assuming what you say is true you just shot down using OpenVMS for any web services.
>>>>> Sokath, his eyes open!
>>>>>
>>>>> For a more detailed reply, see Arne's reply. I agree with everything
>>>>> in there.
>>>>
>>>> well somebody better tell Mark Daniel he just wasted 20 years of his life developing WASD for nothing. :)
>>>
>>> Even the early versions of WASD had glaring security flaws that survived
>>> for years in the wild and which were only found when someone decided to
>>> do some security probing of WASD.
>>>
>>> You know, the same kind of probing that I did for DCL and which revealed
>>> a decades-old disastrous security flaw in DCL ?
>>
>> "DISASTROUS!?
>>
>> Could you provide documentation on several of the disasters?
>>
>
> Well, I would call a non-privileged user on VAX and Alpha being able
> to get full control of the system from the DCL prompt disastrous.

We seem to have different definitions of "disaster".

However, I do agree that that is a serious security issue.

> As for WASD, the most glaring security flaw I remember was a directory
> traversal flaw but there were several other issues identified.

Marc seems to be rather good at fixing such when it's brought to his 
attention.

> The point I am making David is that outside parties probing a system
> or application can reveal security flaws that have been around for years
> whether that's a glaring security flaw such as the directory traversal
> flaw in WASD or a disastrous flaw in DCL.

I agree, except for your definition of disaster.

> There is a problem in the VMS world where some people think that because
> no-one has bothered to look for vulnerabilities, then that means there
> are no vulnerabilities to be found.

Perhaps some, but not me.  I expect there may be such.  I don't declare 
that they must exist.


-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list