[thelist] Web server settings question

Mark Marlow mark at testwiz.com
Thu Feb 10 14:19:35 CST 2005 

One cheapo way to accomplish this is to name the file with an extension that
the server will not handle properly.  On IIS with ASP.Net installed, if the
file extension is ".cs", the server will not return this file.


-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Brooking, John
Sent: Thursday, February 10, 2005 3:00 PM
To: thelist at lists.evolt.org
Subject: [thelist] Web server settings question

Hello, all,

   I just modified my contact email script ([1], but I haven't posted the
new version there yet, maybe tomorrow) for a friend, to write values out to
a CSV data file as well as sending the email containing them. The CSV file
is written to the /cgi-bin directory, same place as the script resides. A
big problem, which I hadn't anticipated, is that in his domain, I (and
anyone else) can type the full URL to the data file (such as
http://www.thedomainname.com/cgi-bin/contacts.csv) directly into the address
box, and it will send the whole file to the client! I didn't expect this,
and the domains that I have don't allow this. (I copied the file to them,
and typed the address, and got an Internal Server Error.

   So I'm thinking that there must be some switch that allows or prohibits
non-executable files in executable directories being sent to the client. I'm
not sure what the server is, but the provider is www.hypermart.net. Can
someone tell me if there is such a setting in any or all of the major
servers? If you happen to know what server this provider is running, that
would be even better! Thanks!

[1] http:/www.pobox.com/~JohnBrook/codelib/

- John
-- 


This message may contain information which is private, privileged or
confidential and is intended solely for the use of the individual or entity
named in the message. If you are not the intended recipient of this message,
please notify the sender thereof and destroy / delete the message. Neither
the sender nor Sappi Limited (including its subsidiaries and associated
companies) shall incur any liability resulting directly or indirectly from
accessing any of the attached files which may contain a virus or the like.

-- 

* * Please support the community that supports you.  * *
http://evolt.org/help_support_evolt/

For unsubscribe and other options, including the Tip Harvester and archives
of thelist go to: http://lists.evolt.org Workers of the Web, evolt !

More information about the thelist mailing list