|
 |
Orchid XP v8 wrote:
> So instead of sharing datestamped messages and displaying them as
> emails, you share datestamped messages and display them as calendar
> appointments. Big deal.
Well, no. Because it's coordinated, you see. Plus it has to be machine
readable, which is obviously non-trivial given it doesn't really work
cross-platform.
>> A centralized email server isn't sharing anything between users, nor
>> updating things already in the database.
>
> OK, so it's the sharing of stuff (whatever it may be) between multiple
> users that's the hard part. (Especially when each user potentially has
> an offline cache of the database.)
Yes. Otherwise, it's just IMAP.
> We have a couple of 3rd party applications that do this. Apparently they
> all word by using something called LDAP (which is an open standard). You
> don't need a special feature of the web server just for that.
How do I configure Apache to do that?
> According to the blog where I first saw this mentioned, if you do
>
> http://example.com/priv/file1
>
> it asks for a username and password due to the security settings on that
> folder. However, if you do
>
> http://example.com\priv\file1
>
> it just serves the file, bypassing the security.
That's *still* not root access. That's serving a file without the web server
asking permission to serve the file. You're bypassing the web server's
security list, not the OS's security list.
> Either way, I'm sure this *specific* bug has long since been fixed. But
> the fact that such a simple and obvious bug happened in the first place
> isn't very reassuring.
And you know what? In the early versions of Netscape, if your web browser
his a URL that read "telnet:;rm -rf ~" you'd lose all your files, because it
just changed the first colon to a space and passed it to the shell as a
command. Everyone makes stupid errors.
--
Darren New, San Diego CA, USA (PST)
"We'd like you to back-port all the changes in 2.0
back to version 1.0."
"We've done that already. We call it 2.0."
Post a reply to this message
|
|
