httpd and form-based upload
Alexander Kriegisch
Alexander at Kriegisch.name
Mon Feb 5 01:33:04 UTC 2007
@Walter: I agree with Nathan. Besides, in my special case the router's
config web interface is not accessible from "outside" anyway. Haserl is
a tool facilitating what I want.
@Nathan: Maybe Walter speaks of code injection. Anyway, Haserl's man
page even mentions an example showing how to filter the content of HTML
form fields. That should be a starter for those who need or want to
provide their web pages with more security.
For me it works brilliantly, thank you. I guess Haserl will make its way
into our standard firmware mod for the AVM Fritz!Box router series.
Regards
--
Alexander Kriegisch
Nathan Angelacos wrote:
> walter harms wrote:
>> hi nathan,
>> i could not find any security stuff (like preventing an rm -r /).
>> did you try check it out ?
>
> Hi walter,
>
> I'm not sure I understand your question.
>
> haserl does the parsing of http GET/POST and mime-encoded http
> requests. That's what Alexander was asking about. Its is a tool, like
> busybox or netcat is a tool.
>
> If someone really wants to make a web page that does "rm -rf /" - I
> guess its a self-limiting problem. ;-)>
More information about the busybox
mailing list