optimistx meinte:
> Dr J R Stockton wrote:
> ...
>> I do know of a fault in one current/recent browser which gives the
>> appearance of an untrapped exceeding of range of a form which might
>> allow the execution of random or arbitrary code; so my answer is
>> "Perhaps yes".
>
> Thanks for the info.
>
> Is it like this:
>
> If the page contains a form, which is set by a post or
> get http-request to the server, a malignant user of some defective
> browser can fill something in
> a form on a page so that server security is at risk even
> in the case when the
> server does not contain any code from the author to handle the
> request ?
What's a form good for, without server side scripting (which you don't
have)?
The only thing a user could do, is exploit a vulnerability in the
webserver application. When using a popular webserver (like Apache),
vulnerabilities are rare and fixed quickly.
Gregor
--
http://www.gregorkofler.com