WebApp Sec mailing list archives

Re: Prevent security bypass


From: "Chris Travers" <chris () travelamericas com>
Date: Tue, 4 Feb 2003 18:59:36 -0800

You actually don't need an ISAPI filter-- you can do this with any
server-side programming components (ASP/PHP/ISAPI, etc.)  I have done
something similar on the programmatic level. (I am the primary maintainer of
http://hermesweb.sourceforge.net) but that method has some disadvantages:

1)  It can be tricky to implement-- why reinvent the wheel unless you have
to (in the case of HERMES, we had to).
2)  It is easy to miss something that could lead to security compromise or
DOS.
3)  In my case, since nothing was URL indexed, content could not be referred
to via URL.

If you can, you should try things on the web server level first with the
platform features, and only extend things programmatically if you have to.

Best Wishes,
Chris Travers

