-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 11.09.2011 20:50, schrieb DaB.:
Hello, At Sunday 11 September 2011 20:49:25 DaB.
wrote:
all files on the toolserver can be checked for
existence, if they
are XML files
disabled for this reason.
@drtrigon: Please fix your script BEFORE you put it back in
action.
Sorry for the inconveniences I caused here!
What is exactly the critical point you are mentioning? Do I understand
you right and would inserting the code
import os
allowed = [item for item in os.listdir('.') if '.xslt' in item]
if xslt not in allowed:
# return some neutral/blank message (hiding all sentive data)
which just allows access to "my" 'xslt' files in 'cgi-bin'
satisfy
those needs in security? Or do you have something else in mind?
(disabling debug info, moving 'xslt' files to another directory,
or even more restrictive, ...?)
Thanks for your feedback and greetings
DrTrigon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iEYEARECAAYFAk5tEJcACgkQAXWvBxzBrDCT4gCgy65ads8TxohNP0FGADP55Elt
U68An2pbB/rmPmSNH/rHQUlnKxnGfCkL
=e6Po
-----END PGP SIGNATURE-----