-----Ursprüngliche Nachricht----- Von: "Hans Hübner" hans@huebner.org Gesendet: 08.12.08 11:36:47 An: "General interest list for Hunchentoot and CL-WEBDAV" tbnl-devel@common-lisp.net Betreff: Re: [hunchentoot-devel] handle-static-file
On Mon, Dec 8, 2008 at 10:38, Frank Schorr franks-muc@web.de wrote:
Made a (create-folder-dispatcher-and-handler "/pdf/" "c:/..../pdf/") When I direct the browser to .../pdf/doesnotexist, the server sends a 404. OK But .../pdf/* generates "illegal use of wild pathname" .
Call to INVOKE-DEBUGGER Call to SIGNAL Call to PROBE-FILE Call to HUNCHENTOOT:HANDLE-STATIC-FILE Call to HUNCHENTOOT::PROCESS-REQUEST Call to HUNCHENTOOT::PROCESS-CONNECTION Call to (HARLEQUIN-COMMON-LISP:SUBFUNCTION MP::PROCESS-SG-FUNCTION MP::INITIALIZE-PROCESS-STACK)
I can handle this on my side, but I think it is a risk.
Why do you think it is a risk? What is risked?
-Hans
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
The risk is the bad guy sending many of these requests, the server will create a same number of threads, all hanging in the debugger, until a limit is reached. I believe 404 would be the correct response for requesting file "*" which is not present. Frank
____________________________________________________________________ Psssst! Schon vom neuen WEB.DE MultiMessenger gehört? Der kann`s mit allen: http://www.produkte.web.de/messenger/?did=3123
On Mon, Dec 8, 2008 at 11:47, Frank Schorr franks-muc@web.de wrote:
Made a (create-folder-dispatcher-and-handler "/pdf/" "c:/..../pdf/") When I direct the browser to .../pdf/doesnotexist, the server sends a 404. OK But .../pdf/* generates "illegal use of wild pathname" .
Call to INVOKE-DEBUGGER Call to SIGNAL Call to PROBE-FILE Call to HUNCHENTOOT:HANDLE-STATIC-FILE Call to HUNCHENTOOT::PROCESS-REQUEST Call to HUNCHENTOOT::PROCESS-CONNECTION Call to (HARLEQUIN-COMMON-LISP:SUBFUNCTION MP::PROCESS-SG-FUNCTION MP::INITIALIZE-PROCESS-STACK)
I can handle this on my side, but I think it is a risk.
Why do you think it is a risk? What is risked?
The risk is the bad guy sending many of these requests, the server will create a same number of threads, all hanging in the debugger, until a limit is reached. I believe 404 would be the correct response for requesting file "*" which is not present.
I agree that 404 would be a better response, but I don't know about the debugger thing. In production environments, you would not enable the debugger for handling errors in requests.
Now, the question is whether what you describe is a misbehaviour in Hunchentoot that sends you to the debugger even though you did not enable debugging. Did you intend to write that?
-Hans
-
Frank Schorr -
Hans Hübner