Security .. or why I think its safe
One of the goals of this project was to make sure that the server was small, stable, and secure.
What does that mean?
By this I mean that your server should not be compromised, in any way simply because it is running this software.
With this in mind there are three important things that the server should protect against:
- Nobody should be able to browse your filesystem, except that specific part which you make your server root
- Nobody should be able to crash the server, so that you can't use it. (A denial of service attack).
- Nobody should be able to trick the server into running code of their choosing
Confidence
I'm confident that these things can't happen, because I had them in mind when I was writing the software, but nobody is perfect and I would not like to suggest this software is perfect.
Most of the common buffer overflows should be impossible due to the implementation language of Perl. Likewise signal attacks, or format string attacks shouldn't be anything to worry about.
Testing
I believe that my server (this software), doesn't allow anybody to subvert your machine - and I've tested this to the best of my ability.
Security Notifications
After reading BugTraq, etc, I know that having a good contact address is essential - my email address is listed at the bottom of each page on this website, so you shouldn't have too much difficulty in finding it ;)
(If you wish you may use my gpg key).
Previous Security Holes
Information on previously discovered security holes is available.