but with scripting support. This little test app is based on a httpd server posted by Jademtech some time ago. I have extended it to be a scripting host. But do not expect full ASP compatibility. You cannot replace your IIS by it. And the project is in an experimental state of course.

The software is free, download it from here
Posted on 2002-08-17 11:34:31 by japheth
Hey, not sure if you care about security... You can do http://localhost/../ etc etc. Not intended to be a flame/troll - its meant to be real constructive critisism :/

Ciao,
-moog
Posted on 2002-08-17 14:58:54 by moogman
moogman,
thats why he said it could not replace IIS. IIS has much more issues than just such a simple security flaw :)
Posted on 2002-08-17 15:59:25 by bazik
moogman,

I have to admit that I dont care much about the httpd stuff. I'm interested primarily in the COM and scripting issues of this "project". But as far as I can tell there is a function SafeFilePath in source httpd.asm which does the check you have mentioned. So that request should be denied by the server.
Posted on 2002-08-18 13:31:47 by japheth