-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 11.09.2011 20:50, schrieb DaB.:
Hello, At Sunday 11 September 2011 20:49:25 DaB. wrote:
all files on the toolserver can be checked for existence, if they are XML files
disabled for this reason.
@drtrigon: Please fix your script BEFORE you put it back in action.
Sorry for the inconveniences I caused here!
What is exactly the critical point you are mentioning? Do I understand you right and would inserting the code
import os allowed = [item for item in os.listdir('.') if '.xslt' in item] if xslt not in allowed: # return some neutral/blank message (hiding all sentive data)
which just allows access to "my" 'xslt' files in 'cgi-bin' satisfy those needs in security? Or do you have something else in mind? (disabling debug info, moving 'xslt' files to another directory, or even more restrictive, ...?)
Thanks for your feedback and greetings DrTrigon