It is a less secure solution to read the appropriate file from disk. After the browser handler has detected the browser type and selected the content format, it reads the file from disk and sends it back to the browser.
If a file or a directory is read protected by the server's configuration, then the browser handler must implement the same access rules. This means, that the web master or administrator must always keep the same settings in the server configuration and the browser handler. We may expect a security hole after a while.
Since the server uses virtual directories that must be mapped to physical, the browser handler must use the same mappings. Once again, the web master or administrator must always keep the same settings in the server configuration and the browser handler. We may expect a second security hole after a while.
The programmer must also prevent the browser handler from reading files in any directory. If an HTTP client sends a request like
GET /?../../../../etc/passwd HTTP/1.0
the browser handler should not use this path
without a previous security check. Hackers are everywhere! However, this is the simple edition of a hacker's attack. Only a little bit more sophisticated is the following request:
GET /?/news/../../../../../etc/passwd HTTP/1.0
This request shall read the same file from the disk. Even, if the path to be read starts with the directory "/news/", the rest of the path "overrides" this sub-directory.
However, from a user's and browser's point of view, the response on the request should be faster. The browser only needs to send a single HTTP request to retrieve a web page. This is very important in case of low-speed and high-delay wireless connections.
Because of its qualification for wireless connections, we recommend to implement this automatic selection method. The security holes can be filled with secure code.
We will publish the source code of the whole Perl script later.
Copyright © 2001-2003 by Rainer Hillebrand and Thomas Wierlemann