Sambar Server Documentation

Publishing with HTTP PUT


The Sambar Server supports Web publishing through either the FTP Server or the PUT method. Netscape Communicator, Navigator Gold, AOLPress and Amaya all support this method of publishing pages. By default, only the admin user has privilege for using the HTTP PUT method. All other users attempting to use this feature will receive the Forbidden message. The remainder of this article explains what the PUT method is and how it can be used in the Sambar Server.

The PUT method is similar to the POST method in that it can cause information to be updated on the server. The PUT method may be used with documents, images, classes or CGI applications. When used with a CGI application, the PUT handler functions the same was the POST method does. For other document types, the HTTP URI of the PUT method indicates the file to be created or updated and the data of the PUT method (only a single data item is permitted) is the content that the file indicated by the URI will be updated with. If successful, the server returns a status of 204 indicating the upload completed normally.

IMPORTANT! By default the Sambar Server is configured with the admin allowed to PUT files on the server. Make sure to change the password of the admin user prior to allowing access to the HTTP server by external users!

Security for the HTTP PUT method is implemented using two mechanisms. The first is the "Allow HTTP PUT" directive in the config.ini file. This directive contains a space separated list of all users with permission to PUT files to the server. If this directive has no entries, no users will be allowed to PUT files on the server -- effectively eliminating this feature from the server.

The second security method which is activated is the REQUEST callback which by default enforces the security rules in the security.ini file. The source code of the security REQUEST method can be found in samples/source/security.c, and can be extended to provide more fine-grained HTTP PUT security. One extension being considered for future releases is to restrict HTTP PUT users by IP address as well as username/password.

Use of the HTTP PUT method is a security risk since it means that if your username/password can be breached, anyone on the Internet could potentially change any of your files. The Sambar Server restricts access to the configured Document, Images, and Classes directories so users are not able to update files outside the Sambar Server installation area. Nonetheless, allowing the server to be remotely updated is a security concern.

Lastly, to publish a page using AOLPress or Amaya, click on File, Save (or File, Save As) and type the full URL of the location to publish the file to (e.g. http:///test.htm).

In Navigator Gold, select File, Publish. In the "Upload Files to this location" box, enter the full URL of the page to create. For example, if your server is called www.netscape.com and you want to upload to a file called "test.htm" in the document root, you would enter:

When prompted, enter the username and password of a user allowed to perform the HTTP PUT method.

© 1998 Sambar Technologies. All rights reserved. Terms of Use.