Hiawatha webserver

Can you bypass Hiawatha's SQL-injection protection? http://sqli.hiawatha-webserver.org/

A month ago, I was interviewed by Chris van 't Hof, during his Tek Tok sessions at the National Cyber Security Research Agenda symposium. I've put the recorded audio file online, in you want to hear what was discussed. Of course, the session was in ... [More] Dutch. The image below is what I used during the interview. Your browser does not support the audio element. An impression of the session: [Less]

A month ago, I was interviewed by Chris van 't Hof, during his Tek Tok sessions at the National Cyber Security Research Agenda symposium. I've put the recorded audio file online, in you want to hear what was discussed. Of course, the session was in Dutch. The image below is what I used during the interview. An impression of the session:

A month ago, I was interviewed by Chris van 't Hof, during his Tek Tok sessions at the National Cyber Security Research Agenda symposium. I've put the recorded audio file online, in you want to hear what was discussed. Of course, the session was in Dutch. The image below is what I used during the interview. An impression of the session:

A month ago, I was interviewed by Chris van 't Hof, during his Tek Tok sessions at the National Cyber Security Research Agenda symposium. I've put the recorded audio file online, in you want to hear what was discussed. Of course, the session was in Dutch. The image below is what I used during the interview. An impression of the session:

A month ago, I was interviewed by Chris van 't Hof, during his Tek Tok sessions at the National Cyber Security Research Agenda symposium. I've put the recorded audio file online, in you want to hear what was discussed. Of course, the session was in Dutch. The image below is what I used during the interview. An impression of the session:

Today, I've released a new major version of the Hiawatha webserver. The biggest change in v10.0 is a different way of handling Directory sections. The path is now relative to the document root of a website. VirtualHost { Hostname = ... [More] www.example.com ... UseDirectory = static, files } Directory { DirectoryID = static Path = /css, /fonts, /images, /js ExpirePeriod = 2 weeks } Directory { DirectoryID = files Path = /files ShowIndex = yes } Another new feature is the support for GZip content encoding, which makes the UseGZfile obsolete. The rest of the new features can be found in the ChangeLog. [Less]

Today, I've released a new major version of the Hiawatha webserver. The biggest change in v10.0 is a different way of handling Directory sections. The path is now relative to the document root of a website. VirtualHost { Hostname = ... [More] www.example.com ... UseDirectory = static, files } Directory { DirectoryID = static Path = /css, /fonts, /images, /js ExpirePeriod = 2 weeks } Directory { DirectoryID = files Path = /files ShowIndex = yes } Another new feature is the support for GZip content encoding, which makes the UseGZfile obsolete. The rest of the new features can be found in the ChangeLog. [Less]

Today, I've released a new major version of the Hiawatha webserver. The biggest change in v10.0 is a different way of handling Directory sections. The path is now relative to the document root of a website. VirtualHost { Hostname = ... [More] www.example.com ... UseDirectory = static, files } Directory { DirectoryID = static Path = /css, /fonts, /images, /js ExpirePeriod = 2 weeks } Directory { DirectoryID = files Path = /files ShowIndex = yes } Another new feature is the support for GZip content encoding, which makes the UseGZfile obsolete. The rest of the new features can be found in the ChangeLog. [Less]

I've released a first beta version of Hiawatha v10.0. The ChangeLog for this release is: Usage of Directory sections changed. Added support for RFC 5785. Added support for GZip compression. Removed the UseGZfile option. Added ECDSA support for TLS ... [More] 1.0 and TLS 1.1. Replaced UrlToolkit Expire option with ExpirePeriod in Directory section. Replaced IgnoreDotHiawatha option with UseLocalConfig. Removed the VolatileObject option. Improved SQL injection detection. mbed TLS updated to 2.2.0. I really like to hear your thoughts on this one. A copy can, as always, be obtained at the download page. [Less]