Re: [Webware-devel] security hole in WebKit

2001-12-14 Thread Tavis Rudd
On Friday 14 December 2001 06:55, Geoffrey Talvola wrote: > At 04:04 PM 12/13/01 -0800, Tavis Rudd wrote: > >Here's a patch to implement ExtensionsToServe, FilesToHide, and > >FilesToServe. They work as I documented yesterday, and will also > > need to be added to the default config file. > > Exce

Re: [Webware-devel] security hole in WebKit

2001-12-14 Thread Geoffrey Talvola
At 04:04 PM 12/13/01 -0800, Tavis Rudd wrote: >Here's a patch to implement ExtensionsToServe, FilesToHide, and >FilesToServe. They work as I documented yesterday, and will also need >to be added to the default config file. > >IMHO, there's far too much coupling in there between the Application >and

Re: [Webware-devel] security hole in WebKit

2001-12-13 Thread Tavis Rudd
Here's a patch to implement ExtensionsToServe, FilesToHide, and FilesToServe. They work as I documented yesterday, and will also need to be added to the default config file. IMHO, there's far too much coupling in there between the Application and Request classes, which makes it harder than it

Re: [Webware-devel] security hole in WebKit

2001-12-13 Thread Ken Lalonde
I submitted a patch to the webware SF Patches page a while back that implements "ExtensionsToServe": https://sourceforge.net/tracker/index.php?func=detail&aid=486598&group_id=4866&atid=304866 But the fix is incomplete: it only applies to URIs that don't specify a trailing extension. Changin

Re: [Webware-devel] security hole in WebKit

2001-12-13 Thread Tavis Rudd
On Thursday 13 December 2001 11:59, Geoffrey Talvola wrote: > 2 questions: > > - Can this be made backward-compatible by also allowing the name > "ExtensionsToIgnore", perhaps emitting a deprecation warning > message? Sure, why don't we just stick with ExtensionsToIgnore for now? I think 'Exten

Re: [Webware-devel] security hole in WebKit

2001-12-13 Thread Geoffrey Talvola
2 questions: - Can this be made backward-compatible by also allowing the name "ExtensionsToIgnore", perhaps emitting a deprecation warning message? - Now that you've done the work in your experimental version, could you adapt it to create a patch for Webware CVS? At 01:40 PM 12/12/01 -0800, T

Re: [Webware-devel] security hole in WebKit

2001-12-12 Thread Tavis Rudd
ation option, say > "LimitFileTpesServed", and then ExtensionsToServe would list what > may be served. > > J > > > -Original Message- > > From: Geoffrey Talvola [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, December 12, 2001 2:51 PM > > To: [

RE: [Webware-devel] security hole in WebKit

2001-12-12 Thread Love, Jay
IL PROTECTED]] > Sent: Wednesday, December 12, 2001 2:51 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: [Webware-devel] security hole in WebKit > > > At 11:55 AM 12/12/01 -0800, Tavis Rudd wrote: > >Hi, > >in the cvs version of WebKit (and I assume all previous v

Re: [Webware-devel] security hole in WebKit

2001-12-12 Thread Geoffrey Talvola
At 11:55 AM 12/12/01 -0800, Tavis Rudd wrote: >Hi, >in the cvs version of WebKit (and I assume all previous versions) >it's possible to access backup versions of the .py servlet files: >http://localhost/WK/Welcome.py~ for example. This could expose >information about the site that should be kept p