DOCSLIB.ORG

Protecting Web Servers from Security Holes in Server-Side Includes 

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Protecting Web Servers from Security Holes in Server-Side Includes  Protecting Web Servers from Security Holes in Server-Side Includes Jared Karro Jie Wang Division of Computer Science University of North Carolina at Greensboro Greensboro, NC 27402, USA Jared [email protected], [email protected] Abstract languages have also created new security flaws. The study of Web security has therefore become an important is- This paper first investigates and analyzes security sue. Previous research of Web security has been primarily holes concerning the use of Server-Side Includes (SSI) in focused on security flaws in Java [11], ActiveX [1], and some of the most used Web server software packages. We other Web programming environments [10]. The integrity show that, by exploiting features of SSI, one could seri- and security of Web server software packages, however, ously compromise Web server security. For example, we have not seemed to attract much attention. To make things demonstrate how users can gain access to information worse, one could use the World Wide Web without hav- they are not supposed to see, and how attackers can crash ing to use a Java or an ActiveX environment, but one is a Web server computer by having an HTML file execute a forced to use Web server software. Hence, the issue on simple program. Such attacks can be made with no trace the security of Web server software deserves serious con- left behind. We have successfully carried out all the at- sideration. tacks described in this paper on dummy servers we set up Web servers offer certain features that ordinary net- for this investigation. We then suggest several practical work servers do not allow. Such features are useful for security measures to prevent a Web server from such at- users to create dynamic Web documentations. For in- tacks. stance, a Web server may provide certain mechanisms that allow users to automatically update the “date last mod- ified” information of their Web pages. Such features, 1. Introduction however, may also unknowingly give away certain valu- able information to unauthorized Web users. Informa- Computer and network security has been studied in- tion about server computers obtained through Web servers tensely for many years and a number of defense tools, may be used by a malicious user to harm the Web server such as various encryption techniques [15] and firewall in a number of ways, including crashing the Web server technologies [4], have been developed and put in use. computer. Thus, investigating what type of information World Wide Web is a new Internet application; it offers is obtainable from a Web server and what harm can be new concepts and technologies for a large scale, on-line, made by obtaining such information becomes interesting multi-media repository of information, which has created and important, particularly to universities, Internet service many new ways for conducting business and has greatly providers, and other organizations where a variety of users influenced the daily life of many people. But the use of are allowed (and often are encouraged) to create their own World Wide Web has also interjected a new set of secu- home pages. rity problems at the same time. For example, while new Most Web servers support Server-Side Includes (SSI), programming languages such as Java and JavaScript have which can be used to execute CGI (Common Gateway made it easy to produce active Web documents, some of Interface) scripts and echo valuable information to Web the new programming techniques introduced in these new browsers. The ability to do SSI is independent from the Web browsers, making it particularly convenient in the This work was supported in part by the University of North Car- olina at Greensboro under grant 3-19612 and by NSF under grant CCR- multi-browser world we currently live in. Thus, SSI may 9424164. serve as a powerful tool to obtain information and perform other tasks. In this paper, we will discuss flaws and areas on dummy servers we set up for this investigation. These of security concerns on SSI in many of the major Web examples of attacks include methods to crash Web server server software packages used on the Internet. We show computers, to kill other users’ processes, and to have the that, by exploiting features of SSI, a user can gain valuable Web server automatically send out e-mail messages to se- information about a Web server computer as well as do lected individuals. Such attacks can be made with no trace harm to the server. For instance, a user can obtain infor- left behind. In Sections 3 and 4, we show and discuss mation about the server computer configuration and what how to obtain the necessary rights to execute those harm- processes are currently in running on the server computer ful SSI feature even though the user may be denied such and by whom; he can kill a process that does not belong to rights by the default setting of SSI. We analyze the fol- him; and he can even crash the server computer. He can lowing Web server software packages on the UNIX plat- do so from a client computer without having access log forms in Section 3: Apache, Stronghold, Netscape Fast- into the actual server computer. Track 3.0, Zeus Server; and we analyze the following soft- We investigate several Web server software packages ware packages on the Windows platforms in Section 4: for computers running UNIX, Windows 95, and Windows Netscape Fast-Track 2.0, Netscape Enterprise (NT only), NT operating systems. We restrict our discussion to Web and O’reilly WebSite Professional (NT only). The Apache server software packages that are available either free of server, according to a recent survey [12], is the most used charge; or as free, fully functional, evaluation copies. We Web server under UNIX platform. In Section 5 we offer do not intend to cover all Web server software packages in several security measures, based on our investigation and this paper, nor do we intend to include all of the versions analysis of security holes in SSI, to protect Web servers for the Web servers we do discuss. Certain security holes from the attacks we describe in this paper. We hope that found in an early version of a particular Web server soft- this paper will serve as a useful tool to help the reader in ware package may have already been corrected in a newer choosing a suitable Web server and Web environment, as version; but we found that a number of organizations, in- well as a guide for securing his Web server from attacks cluding our own, were/are still using an early version of of these types. certain Web servers, and so we feel that we are obligated to publishing our findings. Findings of this sort may also 2. SSI and security holes help server software developers and server administrators to identify some of the gray areas of security that might We will first show in this section how SSI can be used have been overlooked. to perform certain useful things when users are denied ac- For convenience, in what follows, we will use “Web cess to CGI scripts. We will then show how SSI can be server” to denote “Web server software package” and used to compromise the security of the underlying Web “Web server computer” to denote the computer that runs server. We assume that the user has rights to execute the the server software. We will use “Web viewer” to denote exec and include directives. This opens a door for users the individual who is viewing the Web pages and “Web to create their own scripts (programs), which could be user” to denote the individual who is creating the pages. used to do useful things such as setting up counters, or The “Web facilitator” refers to the UNIX user ID under could be used to do harmful things such as crashing the which all the Web server processes are executed. Depend- server computer. ing on the Web server, the Web facilitator does not need to be an actual user on a UNIX system. In other words, 2.1. Useful Exploitation of Loop Holes the Web facilitator may simply be a fictitious user who does not own a directory nor have explicit rights (in fact, Depending on the server environment, it may become as we will discuss later, it may be safer to use a fictitious necessary for the users to exploit loop holes in SSI to user rather than a real user). For simplicity, we sometimes accomplish certain useful tasks. For instance, the Web omit the word “Web”. server at our university does not allow users to execute This paper is organized as follows. In Section 2, we their own CGI scripts, and it only provides a CGI script for show that one can exploit SSI loop holes to accomplish mailmerge. This means that if we want to set up a counter certain useful tasks on one hand, and to compromise the of visits in our pages, we have to use a service provided by security of the underlying Web server on the other hand. other Web servers outside of the campus. This will slow Since most published works that deal with Web security down the loading of our pages and we cannot guarantee (e.g., [14], [7], and [2]) have only briefly, if at all, men- that the counter will always work. tioned the possible hazards of SSI, we demonstrate several To get around this problem, we wrote a C++ program examples of attacks that we have devised and carried out to look at a log file, count the number of hits on the given page periodically, and output the result with a graphic im- that we started, for instance, did not require logins; thus, age.
Load more

Recommended publications
  • Chapter 11 Web-Based Information Systems
    Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 [email protected] Chapter 11 Web-based Information Systems TP Application Architecture client n Front-end program n interacts with (possibly wide range of) display devices front-end n gathers and validates input, displays output n constructs and forward request (e.g., as a RPC Front-end or asynchronous message) Program è provides device-independence for server n Request controller server n guides the request execution Request Controller n determines required steps, then executes them by invoking transaction servers Transaction Transaction Transaction n usually runs as part of an ACID transaction ... Server Server Server n Transaction server n process that runs application programs doing the actual work of the request DBMS n almost always runs within the scope of an Database Database ACID transaction System System n typically interacts with a DBMS n simple applications can be composed into more complex ones (using local proc. call, TRPC, asynch. messaging, …) DB DB n makes difference to req. controller fuzzy Middleware for Heterogeneous and 2 © Prof.Dr.-Ing. Stefan Deßloch Distributed Information Systems Front-end Program Functions n Gather input and display output (user interaction) n form and menu concepts n user selects a menu item to identify the type of transaction to be executed n front-end program display a (series of) form(s) for gathering input data n input data is validated by the front-end program n goal: avoid calling
    [Show full text]
  • Features Enabled on Your Windows Host During Installation Snapcenter Software Soumik Das, Archana August 08, 2021
    Features enabled on your Windows host during installation SnapCenter Software Soumik Das, Archana August 08, 2021 This PDF was generated from https://docs.netapp.com/us- en/snapcenter/install/reference_features_enabled_on_your_windows_host_during_installation.html on September 16, 2021. Always check docs.netapp.com for the latest. Table of Contents Features enabled on your Windows host during installation . 1 Features enabled on your Windows host during installation The SnapCenter Server installer enables the Windows features and roles on your Windows host during installation. These might be of interest for troubleshooting and host system maintenance purposes. 1 Category Feature Web Server • Internet Information Services • World Wide Web Services • Common HTTP Features ◦ Default Document ◦ Directory Browsing ◦ HTTP Errors ◦ HTTP Redirection ◦ Static Content ◦ WebDAV Publishing • Health and Diagnostics ◦ Custom Logging ◦ HTTP Logging ◦ Logging Tools ◦ Request Monitor ◦ Tracing • Performance Features ◦ Static Content Compression • Security ◦ IP Security ◦ Basic Authentication ◦ Centralized SSL Certificate Support ◦ Client Certificate Mapping Authentication ◦ IIS Client Certificate Mapping Authentication ◦ IP and Domain Restrictions ◦ Request Filtering ◦ URL Authorization ◦ Windows Authentication • Application Development Features ◦ .NET Extensibility 4.5 ◦ Application Initialization ◦ ASP.NET 4.5 ◦ Server-Side Includes ◦ WebSocket Protocol • Management Tools ◦ IIS Management Console 2 Category Feature IIS Management Scripts and Tools • IIS Management Service • Web Management Tools .NET Framework 4.5.2 Features • .NET Framework 4.5.2 • ASP.NET 4.5.2 • Windows Communication Foundation (WCF) HTTP Activation45 ◦ TCP Activation ◦ HTTP Activation ◦ Message Queuing (MSMQ) activation Message Queuing • Message Queuing Services Ensure that no other applications uses the MSMQ service that SnapCenter creates and manages. • MSMQ Server Windows Process Activation Service • Process Model Configuration APIs All 3 Copyright Information Copyright © 2021 NetApp, Inc.
    [Show full text]
  • Lecture 28 Scripting Language Used to Create Dynamic Web Pages (Like Perl Open Source)
    PHP A server-side, cross-platform, HTML-embedded Lecture 28 scripting language used to create dynamic Web pages (like Perl open source). We can write PHP code directly into HTML and don’t PHP need to worry about CGI (like Java Server Pages). April 6, 2005 Looks like Perl and knowledge of one can help you understand the other. Web server needs to be configured to parse files with certain extensions (e.g. php or phtml) appropriately. PHP Serve-side Scripting Server-side scripting SSI: Server-side includes: Most CGI tools: very old scripting language write page headers, define layout, etc. mostly provides #include few really dynamic parts, most static PHP: have to write many static print statements complete language Let’s design pages by writing static HTML documents free with pieces of code inside: integrates nicely into Apache, IIS, other servers code is executed at request time pages can take parameters ASP: Active Server Pages Scripting languages come with libraries providing Microsoft version of PHP functions specially designed for Web programming: language is essentially Basic e.g.: URL/parameters manipulations, database gateways, ... JSP: Java Server Pages Java version PHP PHP Most popular third-party module for Apache: <html> code and extensive documentation available from <head><title>PHP Test</title></head> http://www.php.net/ <body><? print(“Hello World!”); ?></body> </html> Pieces of code are enclosed into <?...?> tags Example: <html> <html> <head><title>PHP Test</title></head> <head><title>PHP Test</title></head> <body>Hello World!</body> <body><? print(“Hello World!”); ?></body> </html> </html> 1 Parameter Decoding Parameter Decoding Each PHP script can be invoked as a CGI.
    [Show full text]
  • Cloud On-Premise Installation: IIS Settings Prerequisites
    Portal > Knowledgebase > Cloud > Cloud On-Premise installation: IIS Settings Prerequisites Cloud On-Premise installation: IIS Settings Prerequisites Scott Kircher - 2020-02-10 - in Cloud Certain settings should be configured in Internet Information Services (IIS) before installing the On-Premise version of AssetCloud or InventoryCloud. 1. This section is for Windows 10. Windows Server users, skip to Step 2. Enable the following features: Open the Programs and Features control panel, then click Windows Features at the left. You can enable most other features with no negative impact. Exception: DO NOT enable WebDAV Publishing. Screenshots are below. .NET Framework 3.5.x (expand and check all boxes) .NET Framework 4.6.2 (or higher) (expand and check all boxes) Internet Information Services, Web Management Tools, IIS Management Console Internet Information Services, World Wide Web Services, Application Development, .NET Extensibility 3.5.x Internet Information Services, World Wide Web Services, Application Development, .NET Extensibility 4.6.2 (or higher) Internet Information Services, World Wide Web Services, Application Development, ASP Internet Information Services, World Wide Web Services, Application Development, ASP.NET 3.5.x Internet Information Services, World Wide Web Services, Application Development, ASP.NET 4.6.2 (or higher) Internet Information Services, World Wide Web Services, Application Development, ISAPI Extensions Internet Information Services, World Wide Web Services, Application Development, ISAPI Filters Internet Information
    [Show full text]
  • C Server Pages: an Architecture for Dynamic Web Content Generation
    C Server Pages: An Architecture for Dynamic Web Content Generation John Millaway Phillip Conrad Dept. of Computer and Information Sciences Dept. of Computer and Information Sciences Temple University Temple University 1805 N. Broad St. 1805 N. Broad St. Philadelphia, PA 19122 Philadelphia, PA 19122 [email protected] [email protected] ABSTRACT curs heavyweight process creation overhead. Approaches that in- This paper introduces C Server Pages (CSP), a highly efficient ar- volve simple template substitution by the web server itself based on chitecture for the creation and implementation of dynamic web so called server-side includes (SSIs) are lightweight, but not very pages. The CSP scripting language allows dynamic web contents to powerful. Application servers such as ColdFusion [3] introduce a be expressed using a combination of C code and HTML. A novel heavyweight run time layer. Interpreted languages such as Java, feature of CSP is that the C portions of the CSP source file are PHP, and Perl are typically slower than compiled languages such compiled into dynamic load libraries that become part of the run- as C. New languages specifically designed for the generation of ning web server, thus avoiding both the overhead of interpreted lan- server side content present an additional learning curve for already guages such as Perl, Java and PHP, as well as the need to create a overburdened developers [8]. separate process. We present an overview of the architecture and This paper introduces an alternative architecture called C Server implementation, and provide results of performance benchmarks Pages (CSP), based on combining languages familiar to many de- showing that CSP outperforms similar mainstream technologies, velopers: HTML, and C.
    [Show full text]
  • NIST SP 800-28 Version 2 Guidelines on Active Content and Mobile
    Special Publication 800-28 Version 2 (Draft) Guidelines on Active Content and Mobile Code Recommendations of the National Institute of Standards and Technology Wayne A. Jansen Theodore Winograd Karen Scarfone NIST Special Publication 800-28 Guidelines on Active Content and Mobile Version 2 Code (Draft) Recommendations of the National Institute of Standards and Technology Wayne A. Jansen Theodore Winograd Karen Scarfone C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 March 2008 U.S. Department of Commerce Carlos M. Gutierrez, Secretary National Institute of Standards and Technology James M. Turner, Acting Director GUIDELINES ON ACTIVE CONTENT AND MOBILE CODE Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-28 Version 2 Natl. Inst. Stand. Technol. Spec. Publ.
    [Show full text]
  • Apache Web Server Complete Guide
    Apache Web Server Complete Guide Dedoimedo www.dedoimedo.com www.dedoimedo.com all rights reserved Contents 1 Introduction 15 2 Basic Setup 16 2.1 Verify installation......................... 16 2.2 Package files............................ 16 2.3 Main configuration file(s)..................... 18 2.3.1 Backup........................... 18 2.4 Edit the httpd.conf configuration file............... 18 2.4.1 ServerRoot......................... 19 2.4.2 PidFile........................... 20 2.4.3 ServerName........................ 20 2.4.4 Add site to /etc/hosts file................. 21 2.4.5 DocumentRoot....................... 24 2.4.6 ErrorLog.......................... 25 2.4.7 Listen........................... 26 2.5 Create your HTML documents.................. 27 2.6 Start the Web Server....................... 29 2.7 Access the web site........................ 32 2.7.1 Local access........................ 32 2.7.2 Internal & external access................. 34 2.8 Summary of basic setup...................... 37 3 Advanced setup 38 3.1 Directory tags........................... 38 3.1.1 Order (allow, deny).................... 40 3.1.2 Indexes........................... 43 2 www.dedoimedo.com all rights reserved 3.1.3 DirectoryMatch...................... 46 3.2 Files tags.............................. 46 3.3 Location tags............................ 48 3.4 Directory, Files and Location................... 49 3.5 Redirect.............................. 50 3.6 Virtual Hosts............................ 50 3.6.1 Single IP, two websites................... 53 3.6.2 Two IPs, two websites................... 57 3.6.3 Other scenarios...................... 60 3.7 Modules.............................. 63 3.7.1 Module types........................ 63 3.7.2 View installed modules................... 64 3.7.3 LoadModule........................ 65 4 .htaccess 69 4.1 Create .htaccess file........................ 71 4.2 Create .htpasswd file........................ 71 4.3 Copy .htaccess to restricted directory..............
    [Show full text]
  • Server Side Programming
    SAN DIEGO COMMUNITY COLLEGE DISTRICT CONTINUING EDUCATION COURSE OUTLINE SECTION I SUBJECT AREA AND COURSE NUMBER COMP 623 COURSE TITLE SERVER SIDE PROGRAMMING TYPE COURSE NON-FEE VOCATIONAL CATALOG COURSE DESCRIPTION In this course students will learn how to deliver dynamic content on Web sites. This course covers Server Side programming, (such as ASP.NET, CGI, Java VM, MySQL, and Fast CGI). Students will also learn about extending Web server software through configuring and scripting. (FT) LECTURE/LABORATORY HOURS 250 ADVISORY NONE RECOMMENDED SKILL LEVEL Possess a 10th grade reading level; ability to communicate effectively in the English language; knowledge of math concepts at the 8th grade level; ability to use a mouse, menus, open and close windows and save files within the Macintosh or Windows operating system; and ability to use an internet browser. INSTITUTIONAL STUDENT LEARNING OUTCOMES 1. Social Responsibility SDCE students demonstrate interpersonal skills by learning and working cooperatively in a diverse environment. 2. Effective Communication SDCE students demonstrate effective communication skills. CEISO 02/07; Revised 12/18/13 SERVER SIDE PROGRAMMING PAGE 2 INSTITUTIONAL STUDENT LEARNING OUTCOMES (CONTINUED) 3. Critical Thinking SDCE students critically process information, make decisions, and solve problems independently or cooperatively. 4. Personal and Professional Development SDCE students pursue short term and life-long learning goals, mastering necessary skills and using resource management and self advocacy skills to cope with changing situations in their lives. COURSE GOALS To provide instruction in how dynamic content is delivered on the Web. Students will learn about Server-Side includes, the Common Gateway Interface (CGI), and about writing and debugging CGI scripts.
    [Show full text]
  • A Comparison of Portable Dynamic Web Content Technologies for the Apache Server
    A Comparison of Portable Dynamic Web Content Technologies for the Apache Server December 16, 2012 1 Introduction Dynamic web content typically entails user input on a web page processed by the server to affect the generation of a corresponding new page. In most applications the server- side processing is the key to the whole process. The web server is responsible for handling user input, start a program that processes it (or just pass it to an already running program), get the results and send them back to the user. The processing program often communicates with a database to find stored information and keeps session data to remember the user’s previous state. To achieve the above, there are a number of different approaches: • Per-request execution: Every time dynamic content is needed, start a new program to process the request. • A pool of the requested processes or threads is already running. Each new request is handled by a separate process or thread. • Templating: We have already designed the page. Its request-specific contents are added and it is sent back to the user. • Web server extensions: The web server itself is extended through proprietary APIs to handle dynamic content. The third approach implies that the previous two produce themselves the HTML code for every request. Also, the third technique requires the presence of either the second (usually) or the first (seldom). The technologies that work for today’s web sites, according to the previous classifi- cation, are the following: • Per-request execution: Common Gateway Interface (CGI). • Fast CGI, Java Servlets.
    [Show full text]
  • Webserver on SPWF04S Module
    AN4965 Application note WebServer on SPWF04S module Introduction The HTTP protocol is an excellent solution for communication between humans and embedded devices because of the ubiquitous presence of browsers. This SPWF04S HTTP server application note is for developers seeking to implement Webservices and Webpages with static or dynamic content in their embedded products. It includes: an introduction to SPWF04S HTTP server, including server capabilities server side information built-in functionality information November 2017 DocID030069 Rev 2 1/15 www.st.com Contents AN4965 Contents 1 Features overview ........................................................................... 4 2 Introduction into SPWF04S HTTP server ....................................... 5 2.1 Using multiple connections................................................................ 5 2.2 Supported HTTP methods ................................................................ 5 2.3 Generating HTTP responses............................................................. 5 2.4 HTTP protocol 1.1 ............................................................................. 5 2.5 Get HTTP header content ................................................................. 5 2.6 Receiving POST data ........................................................................ 6 2.7 Selecting the homepage ................................................................... 6 2.8 Favicon-support ................................................................................ 6 2.9 Using
    [Show full text]
  • Chapter 10 Web-Based Information Systems.Pptx
    Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 [email protected] Chapter 10 Web-based Information Systems Role of the WWW for IS n Initial purpose: sharing information on the internet n technologies n HTML documents n HTTP protocol n web browser as client for internet information access n For Information Systems: connecting remote clients with applications across the internet/intranet n "web-enabled" applications n extend application reach to the consumer n leverage advantages of web technologies n web browser as a universal application client n "thin client" n no application-specific client code has to be installed n requirements n content is coming from dynamic sources (IS, DBS) n request to access a resource has to result in application invocation n session state: tracking repeated interactions of the same client with a web server 2 © Prof.Dr.-Ing. Stefan Deßloch Middleware for Information Systems Architecture for Web-IS client n Presentation layer may be realized in separate tiers web browser n client-side presentation using browser, client components (optional) presentation web server n server-side presentation done by web layer server, dynamic HTML generation information system information (HTML filter) HTML filter n Presentation components interact with application logic components n managed by appl. server, or run application (or web) server within web server environment application logic n Access to RM layer n "encapsulated" in appl. logic component n may also be performed directly within resource management presentation logic component layer n special case, if there is no application logic (only data access logic) 3 © Prof.Dr.-Ing.
    [Show full text]
  • Ajax Request Web Server
    Ajax Request Web Server Unbeguiled and transmittable Vasili still phlebotomize his denationalisation placidly. Scurrilous Anatoly jewel no holibuts scars nor'-east after Willey aggregate disaffectedly, quite blear-eyed. Vinny calves his harebells flare thereabouts, but contracted Mustafa never fertilised so mordantly. Starting from the top of the conventional method, just not on a Canvas page when I opened the developer tools at this point. This gym only applies to using GET nor POST from Ajax but really wear these methods might be employed. 6 Different ways to do Ajax calls in JavaScript by Sharad. You can add your comment about this article using the form below. POST requests for the few instances where they do need to pass more information that the GET method allows. Internet Explorer that permits a web page please make a company to a server and get. Due to Chrome issues, it listens for requests, we instead check in a nickname already exists in member database in not by sending the currently entered nickname back although the server. The first is motion you pick only requesting a longer piece of information instead of or entire web page and second the most noticeable difference is. To discuss this further, you might want to investigate validation that prevents a user from requesting a name that does not exist in the data store. Finally figured out quick I nothing wrong. As stupid as loading a script asynchronously goes, to fair pretty trivial, it anywhere not appear in source list. HTML page and setting it as the entry point for the application.
    [Show full text]