Re: [Erlyaws-list] CGIs and more

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

is there anybody out there?  :-)

Anyway, in cvs you can now configure the allowed script types.  In the
server configuration part you could add

    allowed_scripts =3D yaws php cgi

to allow all currently implemented script types.  Or you could write

    allowed_scripts =3D

to disallow even yaws scripts for a virtual server with untrusted
files.  Default is `allowed_scripts =3D yaws'.

If a file of a type that is not allowed is requested, a 404 is
returned.  The alternative would be to treat it as a regular file.
Returning 404 means that adding new script types can break existing
servers.  Treating as regular would mean that a misconfigured server
could accidentally return the source of a script or an executable.
What do you prefer?

Of course, all of this is a bit ad hoc.  A more modular design of Yaws
could be nice, but might also add more overhead.  I have tried to keep
everything simple and fast.

Greetings,

Carsten

--=20
Carsten Schultz (2:40, 33:47), FB Mathematik, FU Berlin
http://carsten.fu-mathe-team.de/
PGP/GPG key on the pgp.net key servers,=20
fingerprint on my home page.