is there anybody out there? :-)
Anyway, in cvs you can now configure the allowed script types. In the
server configuration part you could add
allowed_scripts =3D yaws php cgi
to allow all currently implemented script types. Or you could write
to disallow even yaws scripts for a virtual server with untrusted
files. Default is `allowed_scripts =3D yaws'.
If a file of a type that is not allowed is requested, a 404 is
returned. The alternative would be to treat it as a regular file.
Returning 404 means that adding new script types can break existing
servers. Treating as regular would mean that a misconfigured server
could accidentally return the source of a script or an executable.
What do you prefer?
Of course, all of this is a bit ad hoc. A more modular design of Yaws
could be nice, but might also add more overhead. I have tried to keep
everything simple and fast.
Carsten Schultz (2:40, 33:47), FB Mathematik, FU Berlin
PGP/GPG key on the pgp.net key servers,=20
fingerprint on my home page.