Re: cgis and server side includes

Roland John Turner (rjturner@nospam.socs.uts.edu.au)
Wed, 29 May 1996 17:44:00 +1000 (EST)

Ryan Shelswell wrote:

[Re choice by executive to disable non-cgi-bin CGIs]

> Welllll... an anonymous account that can't really do very much. As you
> said, "nobody" has very little access to anything.

I feel that it would be a little irresponsible for the executive to disclose
the nature of the exposure, but the risks are real and the exposure was being
exploited by one or more ProgSoc members (thus, we can no longer even hide
our heads in the sand and pretend that it won't be a problem). The only way
to secure this exposure is to withdraw from users the ability to utilise the
nobody UID.

> I think maybe we need to review this decision. I'm not a web expert by any
> stroke of the pen but I don't know that we've actually solved our problem.
> We may have made it worse:

We have certainly upset a few users and regret that, but we certainly haven't
worsened the nature of the problem that was being addressed.

> >However, all is not lost. We are completing the installation of a program
> >called cgi-wrap, which runs all cgis as the user who owns the page.
>
> Here's what the WWW Security FAQ said about cgi-wrap: