[thelist] Dynamically Generated External CSS file (fwd)
Paul Cowan
paul at wishlist.com.au
Thu Jun 7 19:13:32 CDT 2001
A couple of things on the asp/cold fusion/whatever serving up dynamic CSS
discussions:
First, Eric Engelmann wrote:
> * Mapping .css to asp.dll (which I saw recently on this list... but I'd
> rather avoid it if possible. Setting up more server mappings in IIS is
just
> scary, given that the MS security checklist basically removes them all
> except asa,asp)
The important thing here is the security of the DLL itself. Adding file
extensions to the one mapping you ARE allowed to use (asp.dll should be
the only one in use, the others that come installed by default basically
turn your new webserver into a $15,000 sieve) is absolutely fine [1].
It's important to reduce the non-essential DLLs used in mappings, not
the mappings themselves.
Then James Aylard wrote:
> Paul Cowen suggested a separate extension
Cowan.
(don't worry, I'm used to it, believe me!)
Paul
[1] Paul Cowan Free Web Advice Limited will not be held liable for
any security holesd cause by some previously unknown IIS security
bug due to file EXTENSIONS, not mappings, like filename extensions
with non-7-bit-ascii characters in them, dashes, underscores,
periods, or, knowing microsoft, the letter 'e'.
More information about the thelist
mailing list