[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: DAV



On Thu, Oct 07, 2004 at 11:03:53PM +0100, Joe Orton wrote:
> I don't see how this makes sense with HTTP.  The code with the buffer
> overflows is the HTTP parsing and SSL handling.  THat's also the code
> which you must trust to determine what "user context" a request might be

A samba like httpd would take the first request running as a non-user with just
some basic auth rights and if neccessary start a server as that user via
a priviledged single purpose helper. It would then hand the socket to that
process (or could use http redirects except some DAV clients shit themselves
when this occurs)

Architecture is easy here, code is another matter !


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]