Screws Security tips:
=====================

Path-Traversal protection:
  This is a common bug caused by passing a dot-dot-slash string
  ("../") in the URL in order to climb up directories.
  You can enable this protection by adding the "noupdir" directive to
  your screws.conf.

  This directive only takes effect on the ${FILE} env string. It would
  also be a good idea to check the arguments passed to the file. This
  could be coded in an external module.

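  A simple Perl solution could be:
   # Option 1: refuse any request whose FILE contains "../"
   if ($ENV{FILE} =~ /\.\.\//) {
       print "Updir not allowed";
       # Show error page
       exit;    # stop here so the file is not served
   }
   # or else...
   # Option 2: strip every "../" instead of refusing. Repeat until no
   # match is left, because one pass turns "....//" back into "../".
   1 while $ENV{FILE} =~ s/\.\.\///g;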
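
  The regex above only matches a literal "../". The following is an added
  example (not part of Screws) of a stricter check that an external module
  could apply to ${FILE} and to the arguments. It assumes the arguments
  reach the script in @ARGV and that values may still be percent-encoded;
  has_updir is a hypothetical helper name.

```perl
#!/usr/bin/perl
# Added example, not Screws code. Assumptions: the requested path is in
# $ENV{FILE} and the request arguments are handed to the script in @ARGV.
use strict;
use warnings;

# Return 1 if $s, once percent-decoded, contains a ".." path segment.
sub has_updir {
    my ($s) = @_;
    return 0 unless defined $s;
    # Decode %XX escapes a bounded number of times so that double-encoded
    # input such as "%252e%252e" is checked in its final form.
    for my $pass (1 .. 3) {
        (my $decoded = $s) =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        last if $decoded eq $s;
        $s = $decoded;
    }
    # Split on "/" and, to be conservative, on "\" as well, then look
    # for a ".." segment. This also catches a trailing ".." with no slash.
    my @hits = grep { $_ eq '..' } split m{[/\\]+}, $s;
    return @hits ? 1 : 0;
}

# Constructed sample inputs with the verdict each one should get.
my @samples = (
    [ '/index.html',             0 ],
    [ '/docs/../../etc/passwd',  1 ],
    [ '/docs/..',                1 ],
    [ '/%2e%2e/%2e%2e/secret',   1 ],
    [ '/%252e%252e/secret',      1 ],
    [ '/a..b/file..txt',         0 ],
);
for my $sample (@samples) {
    my ($path, $want) = @$sample;
    my $got = has_updir($path);
    printf "%-26s %s\n", $path, $got ? 'reject' : 'allow';
    die "unexpected verdict for $path\n" unless $got == $want;
}

# In a module: check FILE and every argument, refuse on the first hit.
if (grep { has_updir($_) } $ENV{FILE}, @ARGV) {
    print "Updir not allowed";
    exit 1;
}
```

  Refusing the request avoids the re-assembly problem that stripping "../"
  has, and names such as "file..txt" are still allowed.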

  -links-
  http://www.owasp.org/asac/input_validation/pt.shtml

Meta-Chars protection:
  -links-
  http://www.owasp.org/asac/input_validation/meta.shtml

XSS tips:
  -links-
  http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf

Typical Overflows:
  headers overflow:
    - You must set headers_limit to a value < MAXARG, because the
      headers are passed to the script using argv[].
