Nice .... simple, effective, and OS-agnostic. The logic for -cfg_uri & -protect provide for flexibility. One thing, just in case, the current directory is not necessarily the directory where the program is located.
A slightly more secure variant is to use search order of directory where shttpd program is located, then if not there, use the current working directory. I just wanted to bring it up because I got back from a site recently where they had a break-in, and the hacker used a path exploit. Any additional security mods would be so implementation-dependent, that it is better to not go down path of trying to add your own which would probably break applications based on older revs. (Plus most people don't need or want them, so this keeps your code lean & mean) David -----Original Message----- From: Sergey Lyubka [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 13, 2008 1:36 PM To: David Lethe Cc: Fred; shttpd-general Subject: Re: [shttpd-general] [1.38 Win] How to encrypt .htpasswd? I've taken a screenshot my desktop when worked on config GUI: http://silversoft.net/~devnull/tmp/v39.png On Feb 13, 2008 6:55 PM, Sergey Lyubka <[EMAIL PROTECTED]> wrote: > After pondering some time about HTML GUI, I decided to go for that: > > Add two command line options > -cfg_uri <uri> > -protect <uri=path,...> > > These options are not set by default. If -cfg_uri option is set, then > SHTTPD gona show the configuration page if one goes to specified URI. > > -protect option can be used to password-protect this URI. > (Also to protect any other URI, really, which overrides standard > .htpasswd file protection for that URI). > > Also I changed the semantics of loading config file: > > o If config file is not specified as last argument after all options, > shttpd tries to load "shttpd.conf" from current directory > o If there is no shttpd.conf, it proceeds with defaults. > o If config file is specified explicitely, shttpd fails if it cannot > open config file. > > This allows to skip config file setting in the command line, and still load > it. > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ shttpd-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shttpd-general
