Hmm, are you telling that I can create a perl file and name it file.html, file.php, or even file.asp, and use a shebang line in it, then it will be parsed as a perl file? Or I need to use extensions that are not set in the server's conf file to be parsed as other types?
Teddy, Teddy's Center: http://teddy.fcc.ro/ Email: [EMAIL PROTECTED] ----- Original Message ----- From: "Randal L. Schwartz" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "Kristofer Hoch" <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 7:35 PM Subject: Re: Why executable? >>>>> "Kristofer" == Kristofer Hoch <[EMAIL PROTECTED]> writes: Kristofer> This is what I do for security on my webserver. I don't have the Kristofer> shebang line in my scripts. The webserver has a list of approved perl Kristofer> script extensions. When it runs across a file with this extension, the Kristofer> web server executes it with perl. Otherwise, it treats the file as if Kristofer> it is text/html. And if you are required to include that "extension" as part of your URL, you are actually *decreasing* the security of your webserver, not increasing it. You should never be able to guess the implementation language by looking at a URL. Wrong. Wrong. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
