Home page logo
/

basics logo Security Basics mailing list archives

RE: #include file tag in HTML: possible issues?
From: "Giuseppe DELL'ERBA" <giuseppe.dellerba () st com>
Date: Fri, 20 Jan 2006 17:04:13 +0100

...any additional feedbacks about the request below?
Thanks
Peppe

-----Original Message-----
From: giuseppe dellerba [mailto:giuseppe.dellerba () st com] 
Sent: Monday, January 16, 2006 11:46 AM
To: 'security-basics () securityfocus com'
Subject: RE: #include file tag in HTML: possible issues?


More details for your feedbacks: the application creates HTML pages, on URL
basis, using templates. The content aggregation logic is based on JSP. The
application will retrieve these templates and, using TAGLIB technology, will
substitute the TAGLIB with the dynamic content and metadata. The idea is to
add the #include file tag in the new templates. The contents and the
templates come from company internal resources.

Thanks
Peppe

-------------------
First message:
Hi all,

I have to evaluate from security point of view an application that is going
to add in its template pages the #include file tag. 
This will allow a section of code to be inserted in the page, and the code
that is inserted may be stored in an external file.  

Do you think this feature can introduce possible security threats? And,
eventually, the remediation needed?

Thanks
Peppe

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning,

Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------



---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]