Regarding w4py.org, I'm not sure what specific security issues you're
referring to with regards to having the whole tree available. As long
as the .py files and other scripts are not executed by the web server,
we'll be fine.

They ARE executed, that's what I'm talking about. For example,
http://w4py.org/Webware/WebKit/Examples/Welcome.py
http://w4py.org/Webware/WebKit/Admin/Main.py

The reason is that the whole Webware tree has been copied to the default context, so everything is available and executable under Webware.

The new Webware release has default contexts for displaying only the docs, so it would not be necessary to copy the whole tree to the default context. Another, more efficient variant is to let Apache serve the docs directly instead of Webware.

-- Chris
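An added example, not part of the original message or of Webware's own code: a small audit that walks a tree published as a context and lists the files the application server would execute rather than serve as documentation. It assumes that `.py` and `.psp` files are executed and that documentation lives in directories named `Docs`; the sample tree is constructed for illustration.

```python
import os
import tempfile

# Assumption: files with these extensions are executed by the app server.
EXECUTED_EXTENSIONS = {".py", ".psp"}
# Assumption: documentation lives in directories named "Docs".
DOCS_DIR_NAME = "Docs"


def audit_context(root):
    """Classify every file under a published context root.

    outside_docs: executable files that a docs-only context would not expose
    inside_docs:  executable files that sit inside a Docs directory
    static:       everything else (HTML, images, text)
    """
    report = {"outside_docs": [], "inside_docs": [], "static": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        in_docs = DOCS_DIR_NAME in rel_dir.split(os.sep)
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            rel = rel.replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext not in EXECUTED_EXTENSIONS:
                report["static"].append(rel)
            elif in_docs:
                report["inside_docs"].append(rel)
            else:
                report["outside_docs"].append(rel)
    for paths in report.values():
        paths.sort()
    return report


def build_sample_tree(root):
    """Create a constructed miniature tree with docs and servlets mixed."""
    for rel in ("WebKit/Examples/Welcome.py", "WebKit/Admin/Main.py",
                "WebKit/Docs/index.html", "WebKit/Docs/sample.py",
                "Docs/index.html"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("placeholder\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, paths in audit_context(tmp).items():
            print(kind, paths)
```

Anything reported under `outside_docs` is exposed only because the whole tree was published; anything under `inside_docs` would still be executed by a docs-only context unless the web server serves that directory as static files.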


_______________________________________________
Webware-devel mailing list
Webware-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/webware-devel