[DGD] Re: httpd?
Erwin Harte
harte at xs4all.nl
Mon Sep 24 19:58:10 CEST 2001
On Mon, Sep 24, 2001 at 08:51:42PM +0300, Risto Karjalainen wrote:
> I once ran a little test with the binary port of DGD. I wrote a simple
> object that had something like this in its receive_message function:
>
> void receive_message(string str)
> {
>     string filename, html, tmp;
>
>     sscanf(str, "GET %s %s", filename, tmp);
>     html = read_file(filename);
>     html = implode(explode(html, "\n"), "\r\n"); /* Newline conversion */
>     send_message(html);
>     destruct_object(this_object());
> }
>
> It's very minimalistic and it hasn't any kind of error tolerance, plus its
> features are very limited. Although if I remember correctly, I got it to
> work and send simple html documents to my browser. Also I remember I had a
> check if the file to send is an image, the newline conversion isn't done.
I think you can get away with not doing any newline conversion at all.
> The code might not work on its own (untested by me), but it might give a
> little pointer to the right direction.
Hmm...
GET /kernel/sys/driver.c HTTP/1.0
Fun. ;-)
Minimal security setup would include:
1. Use a base directory other than the lib root.
2. Have the code check for .. path-entries in the request and either
   resolve these entries before applying the base-directory, or
   consider such requests illegal.
Regards,
Erwin.
--
Erwin Harte <harte at xs4all.nl>
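
The two measures from the reply above, sketched in LPC as an added example that is not part of the original thread. WEB_ROOT and resolve_path() are hypothetical names; the other calls are the ones the quoted snippet already uses, plus sizeof() and strlen().

```lpc
# define WEB_ROOT "/data/www"  /* assumed base directory, not the lib root */

/*
 * Map a request path onto WEB_ROOT.  Returns "" when the request would
 * climb above the base directory or names nothing at all.
 */
static string resolve_path(string request)
{
    string *parts;
    int i, sz, depth;

    parts = explode(request, "/");
    sz = sizeof(parts);
    depth = 0;
    for (i = 0; i < sz; i++) {
        switch (parts[i]) {
        case "":
        case ".":
            break;              /* empty or current-directory entry */
        case "..":
            if (depth == 0) {
                return "";      /* would leave WEB_ROOT: illegal */
            }
            depth--;            /* resolve the entry inside the base */
            break;
        default:
            parts[depth++] = parts[i];  /* depth <= i, safe in place */
        }
    }
    if (depth == 0) {
        return "";
    }
    /* the base directory is applied only after ".." has been resolved */
    return WEB_ROOT + "/" + implode(parts[.. depth - 1], "/");
}

void receive_message(string str)
{
    string filename, tmp, path, html;

    if (sscanf(str, "GET %s %s", filename, tmp) == 2) {
        path = resolve_path(filename);
        if (strlen(path) != 0) {
            html = read_file(path);
            if (html) {
                send_message(html);
            }
        }
    }
    destruct_object(this_object());
}
```

With this in place the request quoted in the reply, GET /kernel/sys/driver.c, maps to a path under WEB_ROOT instead of the lib root, and a request that begins with a .. entry is refused.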