Hi,

You are right and I am wrong :)
In fact I didn't realize that the .. is specifically forbidden just
before that RE :)
So the problem doesn't really exist!

        Regards!
Javier

----- Original Message ----- 
From: "Micheal Espinola Jr" <[EMAIL PROTECTED]>
To: "Questions and Answers for users of ASSP Anti-Spam SMTP Proxy" 
<[email protected]>
Sent: Friday, August 18, 2006 12:53 PM
Subject: Re: [Assp-user] Unallowed file


> Javier Albinarrate wrote:
>>         What do you think?
>
> $.02:  I think this is increasingly becoming the wrong approach.  The
> interface allows for files to be placed in any [sub]directory of the
> admin's choosing.  For instance, take a look at my [preferred] directory
> structure off the ASSP base:
>
> ----------
> bak
> bin
> blackholes
> clamav
> corpus
> databases
> images
> lists
> maillog
> notes
> pb
> rc
> reports
> ----------
>
> My RE list-files are in the "lists" directory. My maillog is in the
> "maillog" directory, etc., etc.  This current line of thought for how to
> secure the issue could cause problems for anyone that is using
> subdirectories in the "file:" specifications.  i.e.:
>
>   file:lists/noProcessing.txt
>
> +$.02:  I think we should enforce specific file types, the directory
> structure must be within the $base, and no reverse traversals (i.e.
> /../) allowed.
> 
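
The policy proposed in the quoted message (specific file types, paths that stay inside $base, no /../ traversal, subdirectories such as file:lists/noProcessing.txt still allowed), sketched as an added example that is not ASSP's own code. The base path, the extension list and the function name resolve_file_spec are assumptions.

```perl
use strict;
use warnings;

# Assumed policy values for illustration; ASSP's real settings may differ.
my $base        = '/usr/local/assp';          # hypothetical install directory
my %allowed_ext = map { $_ => 1 } qw(txt);    # hypothetical allowed file types

# Hypothetical helper: returns the path under $base for a "file:" value,
# or nothing (undef in scalar context) if the value breaks the policy.
sub resolve_file_spec {
    my ($spec) = @_;
    return unless defined $spec && $spec =~ /^file:\s*(.+?)\s*$/;
    my $rel = $1;
    return if $rel =~ /\0/;                   # embedded NUL byte
    $rel =~ tr{\\}{/};                        # treat backslashes as separators
    return if $rel =~ m{^(?:/|[A-Za-z]:)};    # absolute path or drive letter
    my @parts = grep { length } split m{/}, $rel;
    return if grep { $_ eq '..' } @parts;     # no reverse traversal anywhere
    @parts = grep { $_ ne '.' } @parts;       # drop no-op "." segments
    return unless @parts;
    my ($ext) = $parts[-1] =~ /\.([^.]+)$/;   # extension of the final segment
    return unless defined $ext && $allowed_ext{ lc $ext };
    return join '/', $base, @parts;
}

# Constructed sample values, not taken from a real configuration.
my @specs = (
    'file:lists/noProcessing.txt',      # subdirectory under the base
    'file:lists/../../etc/passwd',      # reverse traversal
    'file:/etc/passwd',                 # absolute path
    'file:lists/run.pl',                # file type not on the allow list
    'file:lists\\..\\..\\boot.txt',     # traversal written with backslashes
);
for my $spec (@specs) {
    my $path = resolve_file_spec($spec);
    printf "%-32s %s\n", $spec, defined $path ? "ok -> $path" : 'rejected';
}
```

The check is purely lexical: a symlink inside the base directory that points elsewhere would still pass, so resolving the real path of existing files and comparing it against the base is a separate step.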

