Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

comp.security.unix and comp.security.misc frequently asked questions
Section - SATAN doesn't display right in my web browser; it asks me to save the file.

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Property taxes ]


Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: What's that weird URL with SATAN/SAINT? I'm not running a web server! or SATAN says "Can't find my own hostname".
Next Document: How do I find all setuid and setgid files?
See reader questions & answers on this topic! - Help others by sharing your knowledge

Newer web browsers seem to use different algorithms in guessing mime types
when the web server doesn't supply them.  Anyway, web servers are supposed to
supply the correct mime type and it's easy to fix SATAN to do so.

Add, in perl/html.pl, in process_html_request before it sends anything
(actually I see I put it just before the "Make sure they gave us the right
magic number"):

	# local bug fix: must send http response code and content type header
	print CLIENT "HTTP/1.0 200 Ok\nContent-Type: text/html\n\n";

There's some bad advice out there about adding a handler with the ".pl"
suffix in your netscape preferences.
1) This is wrong.  What's relevant about the satan response is that it is
indeed html code, not the fact that the requesting URL ends in .pl.  A web cgi
URL might end in .pl but the program might return a gif.  Unlike with e-mail,
mime types are an integral part of the http protocol.
2) This is dangerous (the version of the advice which says to set it to
invoke the perl interpreter).  You don't want to execute arbitrary perl code
off the net.  It also won't work, because the satan response is html code, not
a perl program.

The recommendation to deactivate an existing ".pl" handler is ok, but the
above is better imho; it fixes the real problem, and the fix won't go away
when you switch web browsers or use a different account.

User Contributions:

Comment about this article, ask questions, or add new information about this topic:

CAPTCHA