> ([EMAIL PROTECTED]) spew-ed forth:
> > I've not been able to come up with any reasonable CGI that would be
> > creating a path that the user has any control over; why would one want
> > to do that?
> What about things like document/filesystem management tools? Or
> (re)configuration tools? Saying there is no need for it (which
> you didn't do :)

No way, I'm far too clever for that :)

I guess in my experience when I've done things that needed actual filesystem
access I've used a "trusted" model because I haven't needed "generic" user
access.

> Another example is web-based email, which allows you to create multiple
> folders.

Sure, but when we did that they were based off of a root and we checked
for ..'s to avoid path... uh... backstepping.

Dave
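
The root-plus-`..` check described in the message above, sketched as an added example that is not part of the original thread. The function names and the `mailroot` layout are hypothetical, and the symlink canonicalisation step goes beyond the `..` check the message mentions.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """Raised when a user-supplied folder name would leave the root."""

def resolve_folder(root, user_path):
    """Return the absolute path for user_path, confined to root."""
    if "\x00" in user_path or os.path.isabs(user_path):
        raise UnsafePath("NUL byte or absolute path")
    # Check ".." per path component, not as a substring, so "a..b" stays legal.
    parts = [p for p in user_path.replace("\\", "/").split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise UnsafePath("empty name or parent-directory component")
    # Canonicalise both sides so a symlink under root cannot point outside it.
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, *parts))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise UnsafePath("resolves outside root")
    return candidate

def is_allowed(root, user_path):
    """True if user_path resolves to a location under root."""
    try:
        resolve_folder(root, user_path)
        return True
    except UnsafePath:
        return False

def demo():
    """Constructed sample: a mail root containing a symlink that leaves it."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "mailroot")
        outside = os.path.join(base, "outside")
        os.makedirs(os.path.join(root, "inbox"))
        os.makedirs(outside)
        os.symlink(outside, os.path.join(root, "link"))
        names = ["inbox", "inbox/2024", "a..b", "../outside",
                 "inbox/../../outside", "/etc", "link/x", ""]
        return {name: is_allowed(root, name) for name in names}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name!r:24} {'allowed' if ok else 'rejected'}")
```
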
