Re: [NSE] NSE HTTP library

[Fyodor <fyodor () insecure org>]

On Mon, Jan 21, 2008 at 07:28:16AM +0100, Sven Klemm wrote:
> Thomas Buchanan wrote:
> > 2.  It would be nice to be able to pass a timeout value to get(),
> > get_url(), etc.  The default timeout seems to be 30 seconds, which can
> > be a long time to wait for some of us.  :)
>
> I added another parameter to all functions for passing options. The
> call to get() with setting the timeout would look like this:
>  http.get( host, port, '/', {timeout=5000})
>
> I decided to use a table for the options so it's easy to add further
> options without changing the function signature.

Thanks Sven.  I'm excited about this library because I imagine that
many scripts will find it useful.  Also, thanks to Thomas for the
testing and comments.

My only lingering concern is the issue of multiple header fields of
the same name.  Sven had a pretty convincing rationale for using the
comma separated list as described in the HTTP 1.1 RFC at
http://tools.ietf.org/html/rfc2616#section-4.2 .  While parsing the
WWW-Authenticate fields returned by IIS may be harder using the
comma-separated list approach, I worry that putting in our hack just
for that may lead to other problems if/when we find behavior which
depends on the CSL handling.

Maybe we can just make the HTTP Auth script a bit smarter with its
parsing--even if that means special casing some auth type keywords and
the like.

Or am I missing a good reason for dumping the CSL behavior?

Anyway, I'm looking forward to comitting a version of this.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org