[Date Prev]   [Date Next] [Thread Prev]   [Thread Next] [Date Index]   [Thread Index]


     Re: [nocol-users] security problems with webnocol.cgi, genweb.pl, notifier.pl, etc.

> 	Are these scripts going to be preserved in snips? If so,
> 	have they already been tightened? If not, is there someone
> 	who knows the scripts well that could try adding the excerpt
> 	above to all of nocol's perl code and eliminate the resulting
> 	warning messages? I'll try to help by answering any perl
> 	questions you might have.

	While I agree there are problems, the scripts probably need to
be .htaccess protected and only used by your NOC staff.

	As for SNIPS, I personally haven't heard much of it in recent times.

	In the last month we've begun to become more and in-depth in using
Nocol, and keep finding more and more that theres alot more problems than
security.  The correct and proper operation of HOSTMON should seriously be
questioned.  NSMON is sorta broken, and only due to begging someone, did we
get it fixed.  

	GRANTED, the system is public domain and development is slow, so
you get what you pay for.  

			Tuc/TTSG Internet Services, Inc.