From: Carsten S. <ca...@gn...> - 2003-07-22 10:07:32
|
Hi, is there anybody out there? :-) Anyway, in cvs you can now configure the allowed script types. In the server configuration part you could add allowed_scripts =3D yaws php cgi to allow all currently implemented script types. Or you could write allowed_scripts =3D to disallow even yaws scripts for a virtual server with untrusted files. Default is `allowed_scripts =3D yaws'. If a file of a type that is not allowed is requested, a 404 is returned. The alternative would be to treat it as a regular file. Returning 404 means that adding new script types can break existing servers. Treating as regular would mean that a misconfigured server could accidentally return the source of a script or an executable. What do you prefer? Of course, all of this is a bit ad hoc. A more modular design of Yaws could be nice, but might also add more overhead. I have tried to keep everything simple and fast. Greetings, Carsten --=20 Carsten Schultz (2:40, 33:47), FB Mathematik, FU Berlin http://carsten.fu-mathe-team.de/ PGP/GPG key on the pgp.net key servers,=20 fingerprint on my home page. |