WebApp Sec mailing list archives
Re: Prevent security bypass
From: "Chris Travers" <chris () travelamericas com>
Date: Tue, 4 Feb 2003 18:59:36 -0800
You actually don't need an ISAPI filter-- you can do this with any server-side programming components (ASP/PHP/ISAPI, etc.). I have done something similar on the programmatic level (I am the primary maintainer of http://hermesweb.sourceforge.net), but that method has some disadvantages:

1) It can be tricky to implement-- why reinvent the wheel unless you have to (in the case of HERMES, we had to).
2) It is easy to miss something that could lead to security compromise or DOS.
3) In my case, since nothing was URL indexed, content could not be referred to via URL.

If you can, you should try things on the web server level first with the platform features, and only extend things programmatically if you have to.

Best Wishes,
Chris Travers