"G.Richter" wrote:
> > Should the base class be accessible from the browser?
> >
>
> It's not intended to be, but it could lead to denial of service attacks, so
> I add a security check.
What are people doing to protect against people trying to request
objects that Executed by pages, e.g., init.html, constants.html,
header.html, footer.html, etc?
Solutions I can think of are:
1. using an existing apache function or mod_perl handler to block
requests to those files
2. if #1 doesn't exist, create my own
3. add an [$ if $] construct into base.html to check for bad requests,
add Execute an error page instead
What's the best solution?
--
Regards,
Wim Kerkhoff, Software Engineer
Merilus, Inc.
[EMAIL PROTECTED]
S/MIME Cryptographic Signature
