Pretty stupid thing to say. If the person who inputs the garbage is the admin (which is the case here, since only an admin can create rewrite rules) then it's not surprising that security might be compromised. There's no way you can make software safe from incompetent people with admin privileges.
I do not agree.
Software should prevent people, including even the most experienced admins, from making such mistakes. The fact that it's possible to make such a mistake is a flaw in the software.
Software should prevent people, including even the most experienced admins, from making such mistakes. The fact that it's possible to make such a mistake is a flaw in the software.
Beware, you're one step away from advocating iOS here. At least on iOS, it's harder for users to break things by typing nonsense in the configuration section.
What if the admin wants to do this intentionally to make internal resources available? Do you propose to limit the abilities of the regex in question to only make certain things possible? That doesn't seem like an improvement.
Like korgitser mentions in this comment [slashdot.org], exceptions can be made, but by default it shouldn't be possible. I'm not saying it should be absolutely impossible to do this, but add another layer of protection which prevents admins from accidentally doing something like this. If an admin intentionally wants to do this and sets a specific configuration flag which allows him to do so, then that's a different story.
Software should prevent people, including even the most experienced admins, from making such mistakes. The fact that it's possible to make such a mistake is a flaw in the software.
Thin ice here... The unix world seems to think, and usually it is the case, that by preventing the user from doing stupid things, you also prevent him from doing clever things. Yes there are exceptions, but it is important on which side you default.
The world is moving so fast these days that the man who says it can't be
done is generally interrupted by someone doing it.
-- E. Hubbard
Garbage in, (Score:1)
Garbage out. What else is new?
Re: (Score:5, Insightful)
Re: (Score:5, Insightful)
Pretty stupid thing to say. If the person who inputs the garbage is the admin (which is the case here, since only an admin can create rewrite rules) then it's not surprising that security might be compromised. There's no way you can make software safe from incompetent people with admin privileges.
Re:Garbage in, (Score:3)
Software should prevent people, including even the most experienced admins, from making such mistakes. The fact that it's possible to make such a mistake is a flaw in the software.
Re: (Score:2)
I do not agree.
Software should prevent people, including even the most experienced admins, from making such mistakes. The fact that it's possible to make such a mistake is a flaw in the software.
Beware, you're one step away from advocating iOS here. At least on iOS, it's harder for users to break things by typing nonsense in the configuration section.
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Software should prevent people, including even the most experienced admins, from making such mistakes. The fact that it's possible to make such a mistake is a flaw in the software.
Thin ice here... The unix world seems to think, and usually it is the case, that by preventing the user from doing stupid things, you also prevent him from doing clever things. Yes there are exceptions, but it is important on which side you default.