![]() |
To webmasters - Security in GeneWeb |
Of course, I am just a human being and it is always possible that there are bugs causing security holes through GeneWeb.
However, I paid some special attention to this aspect. There are three directories which are accessed:
Normally, no other directories are accessed. In read and in write, there is no way to access other directories than the ones defined by -hd, -dd or -bd. In the requests holding file names, the file name cannot not start with "/" or "./" or "../". If it does, either the request is refused, or only the
For example, if a request is created "by hand" to hold directories, it is either refused, or the file part in only selected: the request holding "/etc/passwd" or "../../../etc/passwd" would be transformed into "passwd" relative to the GeneWeb directories.
Morever, the language used, Ocaml, is a very serious and solid programming language. Attempts to divert a program from its initial destination by overflowing arrays, accessing bad pointers or uninitialized variables is impossible: in Ocaml all array accesses are checked, there are no pointers and there is no notion of unitialized variables (variables are created by a value assignment). I mean: Ocaml is not C...
Ocaml is a compiled language (= not interpreted): there is no way to execute programs by other ways than explicitely calling them in the code. And the program gwd never calls other programs.
Return Directions for Use.