[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Does your software?

  Umm, your get only server sounds like it is secure, but what is the
point advertising it to this list? I could program a GET only
server in far fewer than 80 lines in just a few hours. You could
do it in even fewer lines of perl, or /bin/sh. A real HTTP server
must support all of HTTP/1.0 however for it to be considered a server.
Since yours doesn't, it isn't, it's just a toy. a better project would be
to make HTTP requests under CERN more secure.  In fact, if you don't
handle CGI, you can't handle forms, which means you can't handle
commerce securely.

secure perl "get only" server server
copy perl to a secure filesystem
have a chroot c-wrapper there
the wrapper chroot's to this directory and runs the perl script
perl is effectively boxed in


$line = <STDIN>;
($method, $url, $protocol)=split(/\s+/, $line);
$url =~ s/[^a-zA-Z0-9_]/g;
if($method =~ /^GET/i)
   open(FILE, "$url");
   print "HTTP/1.0 200 OK\nContent-Type: text/html\n\n";
   print <FILE>;

exit 0;