[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: weblily: security risk
From: |
Graham Percival |
Subject: |
Re: weblily: security risk |
Date: |
Thu, 11 Mar 2010 01:07:46 +0000 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
I apologize for this email; I jumped to a false conclusion and
made a baseless accusation. I now have no reason to believe that
weblily poses a risk.
I'm sorry.
- Graham Percival
On Wed, Mar 10, 2010 at 08:21:24PM +0000, Graham Percival wrote:
> Mr. Weblily,
>
> I like your enthusiasm with your weblily project, but for Mao's
> sake please learn something about computer security. The current
> website is completely insecure.
>
> This is not a theoretical concern. It would take me approximately
> two minutes to delete everything in your /home/lily/ directory --
> not just material in /home/lily/scores/.
>
>
> I wouldn't do this, of course -- but if a non-expert like me could
> do this so quickly, I'm certain that an experienced and malicious
> hacker could do far worse. Such as taking over your machine and
> using it to attack other websites, distributing child porn, or
> whatever.
>
> If you want to continue to run your project without any regard for
> security, that's your business, but I want it understood that
> YOU HAVE COMPLETELY DISREGARDED ALL COMMON SENSE AND HAVE NOT READ
> THE MATERIAL ABOUT SECURITY IN OUR DOCUMENTATION. YOU RUN
> LILYPOND IN THIS FASHION COMPLETELY AT YOUR OWN RISK, AND IF THE
> GERMAN EQUIVALENT OF THE FBI COMES KNOCKING ON YOUR DOOR ASKING
> WHY YOU ARE DISTRIBUTING RIPS OF HOLLYWOOD MOVIES OR PIRATED
> COMMERCIAL SOFTWARE, YOU CANNOT BLAME LILYPOND.
>
> The internet is not a playground. If you're going to hand
> complete control over your server to other people, you might not
> like the consequences.
>
> - Graham Percival