Berkeley CSUA MOTD:Entry 13607

1998/2/2-3 [Computer/SW/Security, Computer/SW/Languages/Misc, Computer/SW/Unix] UID:13607 Activity:high
2/1     What is the easiest way to allow people (actually myself) to upload
        stuff through my web page?  --- clueless
        \_ DON'T DO IT.
        \_ This may open you up to a lot of security risks; think carefully
           when you implement something.  How do you want to do it?  Do you
           want to enter text into a form and then have it available as a
           file in an account somewhere?
           \_ Don't listen to these idiots.  The easiest way is probably
              HTTP PUT; see the Apache documentation.
                \_ Oh really?  So where's a page you wrote that allows
                   uploads?  Post the URL so we can all have fun hacking it.
                   \_ Why don't you just tell us how to hack HTTP PUT.
                      \_ "There are few scripts available which implement PUT
                         handling securely." _Apache Week_, April 4 1997
                         In concept it _can_ be secure, but it's not an
                         unrealistic concern; frequently the PUT scripts
                         have holes, even more than other CGI stuff.
                         \_ PUT is fairly simple; it is not difficult to write
                            a secure PUT script.  You don't need "many"
                            scripts available which implement PUT securely,
                            you only need one.
                            \_ right, but first you've got to find it. :-)
                                \_ If you use suexec, it's not hard to
                                   write one.  Just make all paths relative
                                   to the document root and disallow ".."
                                   and other funky characters.
                \_ YES! suexec is much more secure! We really should run
                   httpd on soda instead of scotch so that one will not be
                   able to kill the "nobody" process arbitrarily.
                                   \_ I'm still waiting to see your secure
                                      page.  Post the URL when you're ready.
                   \_ Oh, give it up.
        \_ thanks for all your responses.  I wanted to do this as a way to
           replace ftp to transfer my manifestos:-).  The web server is going
           to be running only when I need to transfer files and is shut down
           the moment the transfer is done.  So I guess it does not need to
           be too secure.  Anyway, the question is now whether I will get
           enough clue to find out how to write a minimal script. -- clueless
           \_ You must be too sexy to use scp.
              \_  No, Jobs is too sexy to have scp developed for mac.
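
Added example (not part of the original thread, and not any poster's script): a sketch of the path rule suggested above for a PUT handler, treating every request path as relative to the document root and refusing ".." and characters outside an allow-list. It goes one step beyond the thread by also resolving symlinks before the containment check; the function names, the allowed character set and the sample paths are assumptions made for illustration.

```python
import os
import re
import tempfile

# Allow-list (an assumption): segments of letters, digits, '.', '_' and '-'.
_SEGMENT = re.compile(r"[A-Za-z0-9._-]+")


class RejectedPath(ValueError):
    """Raised when a requested upload path fails validation."""


def resolve_upload_path(doc_root, request_path):
    """Map a PUT request path to a file under doc_root, or raise RejectedPath."""
    # Drop exactly one leading '/', so the path is relative to the root.
    rel = request_path[1:] if request_path.startswith("/") else request_path
    segments = rel.split("/")
    for seg in segments:
        # Rejects empty segments, '.', '..' and dotfiles such as .htaccess,
        # plus anything containing characters outside the allow-list.
        if seg.startswith(".") or not _SEGMENT.fullmatch(seg):
            raise RejectedPath("bad path segment: %r" % seg)
    root = os.path.realpath(doc_root)
    target = os.path.realpath(os.path.join(root, *segments))
    # realpath follows symlinks, so a link inside the root that points
    # elsewhere is caught here even though every segment looked harmless.
    if os.path.commonpath([root, target]) != root:
        raise RejectedPath("path escapes document root")
    return target


def check_all(doc_root, paths):
    """Return {path: bool} saying whether each request path is accepted."""
    results = {}
    for p in paths:
        try:
            resolve_upload_path(doc_root, p)
            results[p] = True
        except RejectedPath:
            results[p] = False
    return results


if __name__ == "__main__":
    # Constructed sample request paths, checked against a throwaway directory.
    with tempfile.TemporaryDirectory() as root:
        samples = ["/notes/manifesto.txt", "/../etc/passwd", "/a/..%2fb",
                   "/.htaccess", "/notes/x;rm.txt", "//double"]
        for path, ok in check_all(root, samples).items():
            print("accept" if ok else "reject", path)
```

The check only decides where a write may land; which account the script runs as (the suexec point in the thread) and who is allowed to issue PUT at all are separate controls.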