From: Sean Hinde <Sean.Hinde@t-...> - 2003-07-22 12:34:30
> is there anybody out there? :-)
> If a file of a type that is not allowed is requested, a 404 is
> returned. The alternative would be to treat it as a regular file.
> Returning 404 means that adding new script types can break existing
> servers. Treating as regular would mean that a misconfigured server
> could accidentally return the source of a script or an executable.
> What do you prefer?
> Of course, all of this is a bit ad hoc. A more modular design of Yaws
> could be nice, but might also add more overhead. I have tried to keep
> everything simple and fast.
Great. Thanks as well for the detailed work to find those security issues.
I'm not quite sure whether to be re-assured or more worried though..
> Carsten Schultz (2:40, 33:47), FB Mathematik, FU Berlin
> PGP/GPG key on the pgp.net key servers,
> fingerprint on my home page.
NOTICE AND DISCLAIMER:
This email (including attachments) is confidential. If you have received
this email in error please notify the sender immediately and delete this
email from your system without copying or disseminating it or placing any
reliance upon its contents. We cannot accept liability for any breaches of
confidence arising through use of email. Any opinions expressed in this
email (including attachments) are those of the author and do not necessarily
reflect our opinions. We will not accept responsibility for any commitments
made by our employees outside the scope of our business. We do not warrant
the accuracy or completeness of such information.