According to Torsten Neuer:
> According to Geoff Hutchison:
> >I don't know of how security would benefit from a module, but I imagine
> >there might be benefits there.
>
> Security benefits will mainly come from hiding away the "restrict",
> "exclude" and "config" parameters of htsearch. I remember that
> methods of hiding these parameters from the end user for better
> security of internal pages have been discussed on the htdig mailing
> list not too long ago.
If security is the main goal here, how about adding a disallow_in_form
attribute to prevent users from using certain input parameters, like
restrict and exclude. (The allow_in_form attribute that Leo added to
htsearch allows you to specify which configuration attributes can be
overridden by input parameters. What I'm proposing would be slightly
different, in that it doesn't have anything to to with configuration
attributes, but rather it affects the current set of allowed input
parameters.) This wouldn't work for the "config" parameter, as
htsearch wouldn't see the disallow_in_form attribute until it reads
the configuration file. This isn't a huge problem, as htsearch already
limits config to a specific directory, selected as compile time. If you
want to make this more restrictive, there are a couple options.
1) Change htsearch.cc to ignore the config input parameter. This could
be made easier by a compile-time option, but it's not that difficult as
it is.
2) Make htsearch.cc read a specific configuration file (e.g. htdig.conf
or .htdig.conf) before reading the one specified by "config". This would
allow a runtime option (e.g. disallow_in_form attribute) to disable user
selection of alternate configurations.
--
Gilles R. Detillieux E-mail: <[EMAIL PROTECTED]>
Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba Phone: (204)789-3766
Winnipeg, MB R3E 3J7 (Canada) Fax: (204)789-3930
------------------------------------
To unsubscribe from the htdig3-dev mailing list, send a message to
[EMAIL PROTECTED] containing the single word "unsubscribe" in
the SUBJECT of the message.
