Setting up a CERN server to support the PUT method involves three operations:
CGI-scripts that are PUT compliant are basically the same kind of scripts used to handle POST requests, with the addition of extra code to save to a file the data feed to them by a server. As a PUT script actually writes, or overwrites, files on a remote information, the source code of this type of scripts must be carefully reviewed to avoid security and system mishaps.
In order to handle PUT requests, the httpd configuration file must include:
If you're running the CERN server in a system which associates access-rights to files, such as Unix, you have to make sure that:
You might we wondering where are user access-rights actually enforced. The answer is that this happens inside the CERN server. Once the server authorizes a request, it just commands the PUT script to write a data file. If you consider it appropriate, you may do some additional access control inside the PUT script. In all cases, make sure the PUT script does not have write access on directories and files which should not be written by it! If you're using Unix, you can easily set this up by having the PUT script run under a specific-assigned user id.