Re: Writing to a local file without a warning

[Todd Hendricks <djtrubeliever () comcast net>]

For local development on my home machine I have used Abyss Web Server by 
Aprelium Technologies, currently at version 2.3.  It is probably the 
simplest and easiest to set up web server I have encountered.

I haven't used it since probably about 2 years ago so I'm sure it's much 
better now than it was then, but at the time I would not have considered 
it for high traffic or multiple-domain situations (and as I'm a linux 
server purist I wouldn't set up a windows box to serve a live web site 
anyways), but for what you are proposing it seems to me this would be 
the perfect solution.

My experience with it is limited to running PHP as a CGI, though I'm 
sure it handles other server side scripting languages without issue.

http://www.aprelium.com/

DISCLAIMER:  I am in no way affiliated with Aprelium Technologies or the 
development of the Abyss Web Server in any fashion.

Regards,
- Todd

Griffiths, Ian wrote:
> If I'm understanding you correctly, a web server would be  far better
> solution.  If the survey isn't too complicated then the code to save the
> answers shouldn't be either.
>
> Ian
>
> -----Original Message-----
> From: Frank Heyne [mailto:fh () rcs urz tu-dresden de] 
> Sent: 28 March 2006 17:33
> To: webappsec () securityfocus com
> Subject: Writing to a local file without a warning
>
>
> Hello,
>
> this is more about webappinsec, but  anyway I hope to get a hint whether
> what I 
> need to do is possible at all. You can answer offline, if you prefer.
>
> Question:
> Is it possible to write a local file from a ht* file without the
> interception 
> of a warning or other dialog?
>
> Task:
> There is a standalone Windows machine with a html page from where people
> can 
> view information stored in local files with IE. It is nearly like a
> kiosk, 
> except the following: 
> There is a questionnaire where people can give some feedback. This must
> write 
> the answers to local files in a write only directory with vbscript.
>
> Problem:
> All works well except that I still found no way to remove all security 
> dialogues.
>
> What I tried:
> 1. I can either put the questionnaire in a html file - than the user
> sees a 
> security warning about the unsecure ActiveX object (File SystemObject)
> when he 
> hits the submit button.
> 2. When I put the questionnaire in a hta file, this warning is missing,
> but 
> there is a dialog asking whether the user wants to run or save the
> (local!) hta 
> file when he clicks on the link to it.
>
> I understand that this behavior is ok in most scenarios, but I need an 
> exception for this machine - is this possible and how? 
> I would prefer a quick solution over installing a local web server or
> sql 
> server, of course 
>
> Any ideas?
>
> Frank Heyne
>
> -------------------------------------------------------------------------
> This List Sponsored by: SpiDynamics
>
> ALERT: "How A Hacker Launches A Web Application Attack!" 
> Step-by-Step - SPI Dynamics White Paper
> Learn how to defend against Web Application Attacks with real-world 
> examples of recent hacking methods such as: SQL Injection, Cross Site 
> Scripting and Parameter Manipulation
>
> https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
> --------------------------------------------------------------------------


-------------------------------------------------------------------------
This List Sponsored by: SpiDynamics

ALERT: "How A Hacker Launches A Web Application Attack!" 
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world 
examples of recent hacking methods such as: SQL Injection, Cross Site 
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------