Top Document: comp.security.unix and comp.security.misc frequently asked questions Previous Document: What's that weird URL with SATAN/SAINT? I'm not running a web server! or SATAN says "Can't find my own hostname". Next Document: How do I find all setuid and setgid files? See reader questions & answers on this topic! - Help others by sharing your knowledge Newer web browsers seem to use different algorithms in guessing mime types when the web server doesn't supply them. Anyway, web servers are supposed to supply the correct mime type and it's easy to fix SATAN to do so. Add, in perl/html.pl, in process_html_request before it sends anything (actually I see I put it just before the "Make sure they gave us the right magic number"): # local bug fix: must send http response code and content type header print CLIENT "HTTP/1.0 200 Ok\nContent-Type: text/html\n\n"; There's some bad advice out there about adding a handler with the ".pl" suffix in your netscape preferences. 1) This is wrong. What's relevant about the satan response is that it is indeed html code, not the fact that the requesting URL ends in .pl. A web cgi URL might end in .pl but the program might return a gif. Unlike with e-mail, mime types are an integral part of the http protocol. 2) This is dangerous (the version of the advice which says to set it to invoke the perl interpreter). You don't want to execute arbitrary perl code off the net. It also won't work, because the satan response is html code, not a perl program. The recommendation to deactivate an existing ".pl" handler is ok, but the above is better imho; it fixes the real problem, and the fix won't go away when you switch web browsers or use a different account. User Contributions:Top Document: comp.security.unix and comp.security.misc frequently asked questions Previous Document: What's that weird URL with SATAN/SAINT? I'm not running a web server! or SATAN says "Can't find my own hostname". Next Document: How do I find all setuid and setgid files? Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: flaps@dgp.toronto.edu (Alan J Rosenthal)
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: