Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Just to build on this, there are RCEs that involve overflowing headers; Go just had one not that long ago. There's plenty of inputs on a GET request. You still need to do proper security on a static site.


Or.. a commodity static hosting provider can do proper security for you.

I don’t tend to worry about the RCE risk of hosting files in an S3 bucket behind a cloudfront distribution. That’s someone else’s problem.


Commodity hosting with proper security is also available for dynamic website technologies.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: