Bret McMillan wrote: > > I'm looking at http://www.engelschall.com/pw/apache/rewriteguide/#ToC4 right > now, at the bottom for an external rewriting engine... > > wouldn't this take "http://www.server.com/foo/HelloWorld.html"; and then just > basically ask apache to find a document "http://www.server.com/..\..\[as > many as needed to get to root dir]/bret/HelloWorld.html" ? > Wouldn't that open a large security hole? > > Bret >
Hmmm... I don't think so, but I've been wrong before... Under Unix you could backtrack to the /etc/shadow or something... Not a good thing... -Sneex- ______________________________________________________________________ Bill Jones | FCCJ Webmaster | http://www.fccj.org/cgi/mail?webmaster http://certserver.pgp.com:11371/pks/lookup?op=get&search=0x37EFC00F
