Peter Cooper wrote:
>> http://example.com/app/_CSP.StreamServer.cls?FILE=/app/login.csp
>
> I did not know that you could do the above line :{

There's danger everywhere, ignorance being the biggest one of all. ;)

I would have preferred it if %CSP.StreamServer had been an abstract class and defined a callback function, called when a file is about to be served, that returns whether or not this is OK. (The default for the return value would, of course, be false.) To make a functioning stream server, a custom class would need to be created that inherits %CSP.StreamServer and overrides the callback function to return true. Advantages:

- The name of the stream server is non-standard. Currently, *anyone* that knows Caché and sees a CSP application can check if the security hole is there or not, whether they have access to the application or not. They don't need *any* information about the application.

- Application programmers are forced to be aware of the security problems, because they explicitly have to say "yes, serve this file please" when one is requested. A comment could clarify the issues, and perhaps some pre-built code in the callback could already filter out e.g. .csp, .csr, .inc and similar extensions.

This is straying a bit from the original topic, though. ;)

Gertjan.

-- 
Gertjan Klein
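The default-deny callback design Gertjan proposes, modelled as an added example in Python rather than Caché ObjectScript. This is not InterSystems' %CSP.StreamServer and not code from the thread; the class and method names (StreamServerBase, on_serve_file, StaticAssetServer), the in-memory "web root", and the extension lists are invented for illustration. It goes slightly beyond the post by also confining requests to the application root and by having the concrete subclass opt in with an allow-list of asset types rather than only refusing source extensions.

```python
"""Default-deny file-serving callback, modelled after the design proposed
in the post above. Added illustration: not Caché ObjectScript and not
InterSystems' %CSP.StreamServer; every name here is invented."""
from abc import ABC, abstractmethod
from posixpath import normpath

# Extensions that carry application source (pages, rules, include files,
# classes). Serving them discloses logic and, often, credentials.
SOURCE_EXTENSIONS = frozenset({".csp", ".csr", ".inc", ".cls", ".mac", ".int"})


def extension_of(path):
    """Lower-cased extension of the last path component, or '' if none."""
    name = path.rsplit("/", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


class StreamServerBase(ABC):
    """Abstract stream server: nothing is served unless a subclass says yes."""

    def __init__(self, app_root, files):
        self.app_root = app_root.rstrip("/") + "/"
        self.files = files  # constructed in-memory stand-in for the web root

    @staticmethod
    def is_source_file(path):
        """Pre-built helper a subclass can use to refuse source files."""
        return extension_of(path) in SOURCE_EXTENSIONS

    @abstractmethod
    def on_serve_file(self, path):
        """Called just before a file is served. Default answer: no."""
        return False

    def serve(self, requested):
        """Return (status, body). 403 unless every check passes."""
        if not requested.startswith("/"):
            return 403, None
        path = normpath(requested)          # collapses '.' and '..' segments
        if not path.startswith(self.app_root):
            return 403, None                # escaped the application root
        if not self.on_serve_file(path):
            return 403, None                # subclass did not say yes
        body = self.files.get(path)
        if body is None:
            return 404, None
        return 200, body


class StaticAssetServer(StreamServerBase):
    """Concrete server: the programmer must opt in, and does so narrowly."""

    ASSET_EXTENSIONS = frozenset({".gif", ".png", ".css", ".js"})

    def on_serve_file(self, path):
        if self.is_source_file(path):       # belt and braces
            return False
        return extension_of(path) in self.ASSET_EXTENSIONS


# Constructed sample web root for running the example stand-alone.
SAMPLE_FILES = {
    "/app/logo.gif": b"GIF89a...",
    "/app/login.csp": b"<csp:... server-side logic ...>",
    "/app/inc/db.inc": b'set dbpassword = "hunter2"',
}

if __name__ == "__main__":
    server = StaticAssetServer("/app", SAMPLE_FILES)
    for req in ("/app/logo.gif", "/app/login.csp",
                "/app/static/../inc/db.inc", "/app/../etc/passwd"):
        print(req, "->", server.serve(req)[0])
```

The shape matters more than the extension lists: the base class cannot be instantiated, a subclass that merely forwards to the default still serves nothing, and the only way to expose a file is to write the "yes" yourself. A real server would additionally canonicalize percent-encoding and backslashes before the extension check, since `login%2ECSP` and `login.csp.` are the usual ways round a deny-list.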
