Date: Fri, 20 Nov 1998 19:10:50 -0700 From: Wes Peters <wes@softweyr.com> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: Jeroen Ruigrok/Asmodai <asmodai@wxs.nl>, Per Kristian Hove <perhov@phys.ntnu.no>, freebsd-security@FreeBSD.ORG, Andrew McNaughton <andrew@squiz.co.nz> Subject: Re: pkhttpd (Was: Would this make FreeBSD more secure?) Message-ID: <3656212A.DB67ADEA@softweyr.com> References: <XFMail.981120210507.asmodai@wxs.nl> <199811210129.RAA19628@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Dillon wrote:
>
> If you don't use the fancier features it's fairly easy to write a web
> server. Writing a scaleable web server is a different matter, but even
> so it isn't going to be all that big.
>
> A short list of optional features that you do not have to implement
> include:
>
> byte serving (Range: header)
> persistent connections
> proxy functions
> content matching
>
> Common features you should/must deal with properly:
>
> Handling missing trailing slashes properly (by returning a
> redirect)
> code 100 processing (if implementing HTTP/1.1)
> Handling content-length, POST data
> Handling If-modified-Since
> Handling Authorization if you intend to password-protect
> the system using authorization mechanisms.
> Properly escaping input and output strings according to the spec.
Agreed, except for the persistent connections. You really do need that
to work around some really bogus bugs in IE 4.0, and it's not that
hard to do. Plus, it'll save your little embedded system a lot of work
setting up and taking down TCP connections on complicated pages.
--
Where am I, and what am I doing in this handbasket?
Wes Peters +1.801.915.2061
Softweyr LLC wes@softweyr.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3656212A.DB67ADEA>