In this previous posting to webware-discuss:
http://www.geocrawler.com/lists/3/SourceForge/3854/25/7041547/
I included a patch to WebKit/Application.py that avoids glob expansion
on the directory part of URIs.
There's a problem with that patch: it raises an exception
when the directory part doesn't exist.
The fix is simple: change

    for f in os.listdir(dir or os.curdir):
        ...

to:

    try:
        for f in os.listdir(dir or os.curdir):
            ...
    except OSError:
        pass

By the way, the November issue of ;login: summarizes an interesting paper
on common web client authentication mistakes.
It's worth reading if you're using Webware cookies for
client authentication.
It prompted me to make these changes to my site:
- periodically reseed Python's random number generator
  from a strong source (/dev/random or EGD),
- bind sessionIds to client IP addresses, to reduce
  replay risk (though it may bug mobile DHCP people),
- after successful name+password authentication in an SSL session,
  drop the old session and generate a new one.
  Set the "secure" flag in the associated _SID_ cookie
  sent to the client, to reduce the risk of eavesdropping.
You can get the paper at:
http://cookies.lcs.mit.edu/pubs/webauth:tr.pdf
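
Added example, not part of the original post and not Webware's own code: a standard-library sketch of the three session changes listed above. `SessionStore` and `sid_cookie` are hypothetical names, the addresses are constructed documentation addresses, and the `secrets` module (OS CSPRNG) is swapped in for periodically reseeding `random`.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """Hypothetical in-memory store; stands in for the real session backend."""

    def __init__(self):
        self._sessions = {}  # session id -> {"ip": ..., "user": ...}

    def create(self, client_ip, user=None):
        # Draw the id from the OS CSPRNG instead of the random module.
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"ip": client_ip, "user": user}
        return sid

    def lookup(self, sid, client_ip):
        # Reject unknown ids and ids replayed from a different address.
        sess = self._sessions.get(sid)
        if sess is None or sess["ip"] != client_ip:
            return None
        return sess

    def login(self, old_sid, client_ip, user):
        # Drop the pre-login session and issue a fresh id, so an id that
        # was visible before authentication is worthless afterwards.
        self._sessions.pop(old_sid, None)
        return self.create(client_ip, user)


def sid_cookie(sid):
    # Set-Cookie value with the "secure" flag: the browser will only
    # send the cookie back over an SSL/TLS connection.
    cookie = SimpleCookie()
    cookie["_SID_"] = sid
    cookie["_SID_"]["path"] = "/"
    cookie["_SID_"]["secure"] = True
    return cookie["_SID_"].OutputString()


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create("192.0.2.10")            # constructed client address
    auth = store.login(anon, "192.0.2.10", "alice")
    print("Set-Cookie:", sid_cookie(auth))
    print("old id still valid:", store.lookup(anon, "192.0.2.10") is not None)
    print("replay from other IP:", store.lookup(auth, "198.51.100.7"))
```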