WebApp Sec mailing list archives
Re: Writing to a local file without a warning
From: Todd Hendricks <djtrubeliever () comcast net>
Date: Wed, 29 Mar 2006 00:31:03 -0600
For local development on my home machine I have used Abyss Web Server by Aprelium Technologies, currently at version 2.3. It is probably the simplest and easiest to set up web server I have encountered.
I haven't used it since probably about 2 years ago so I'm sure it's much better now than it was then, but at the time I would not have considered it for high traffic or multiple-domain situations (and as I'm a linux server purist I wouldn't set up a windows box to serve a live web site anyways), but for what you are proposing it seems to me this would be the perfect solution.
My experience with it is limited to running PHP as a CGI, though I'm sure it handles other server side scripting languages without issue.
http://www.aprelium.com/DISCLAIMER: I am in no way affiliated with Aprelium Technologies or the development of the Abyss Web Server in any fashion.
Regards, - Todd Griffiths, Ian wrote:
If I'm understanding you correctly, a web server would be far better solution. If the survey isn't too complicated then the code to save the answers shouldn't be either. Ian -----Original Message-----From: Frank Heyne [mailto:fh () rcs urz tu-dresden de] Sent: 28 March 2006 17:33To: webappsec () securityfocus com Subject: Writing to a local file without a warning Hello, this is more about webappinsec, but anyway I hope to get a hint whetherwhat I need to do is possible at all. You can answer offline, if you prefer.Question: Is it possible to write a local file from a ht* file without theinterception of a warning or other dialog?Task: There is a standalone Windows machine with a html page from where peoplecan view information stored in local files with IE. It is nearly like a kiosk, except the following: There is a questionnaire where people can give some feedback. This must write the answers to local files in a write only directory with vbscript.Problem:All works well except that I still found no way to remove all security dialogues.What I tried: 1. I can either put the questionnaire in a html file - than the usersees a security warning about the unsecure ActiveX object (File SystemObject) when he hits the submit button.2. When I put the questionnaire in a hta file, this warning is missing,but there is a dialog asking whether the user wants to run or save the (local!) hta file when he clicks on the link to it.I understand that this behavior is ok in most scenarios, but I need an exception for this machine - is this possible and how? I would prefer a quick solution over installing a local web server or sql server, of courseAny ideas? Frank Heyne ------------------------------------------------------------------------- This List Sponsored by: SpiDynamicsALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulationhttps://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
------------------------------------------------------------------------- This List Sponsored by: SpiDynamicsALERT: "How A Hacker Launches A Web Application Attack!" Step-by-Step - SPI Dynamics White Paper Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation
https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl --------------------------------------------------------------------------
Current thread:
- Writing to a local file without a warning Frank Heyne (Mar 28)
- <Possible follow-ups>
- RE: Writing to a local file without a warning Griffiths, Ian (Mar 28)
- Re: Writing to a local file without a warning Todd Hendricks (Mar 29)
- Re: Writing to a local file without a warning Frank Heyne (Mar 29)
- Re: Writing to a local file without a warning Todd Hendricks (Mar 29)
- RE: Writing to a local file without a warning Damhuis Anton (Mar 29)