> > looks like you may be setting yourself up for a source disclosure attack
> > by making them serveable by your http daemon.
>
> Source disclosure attack? Please explain...

Say you have some server-side logic. Let's use PHP for example. Source disclosure would be if somebody were to download the source file without it being processed by the web server. So the attacker sees all the source he normally wouldn't see, like passwords for SQL servers or the seed code for some kind of transform for session management. ASP used to be especially vulnerable. So if you had a directory full of class files or other things that the user wouldn't use directly, you typically want to only make them available to the web application.

tack

_______________________________________________
Bits mailing list
[EMAIL PROTECTED]
http://www.sugoi.org/mailman/listinfo/bits
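
An added example, not part of the original post: a small audit that walks a document root and lists files that contain server-side code but would be sent to the client unprocessed. The `.php` handler mapping, the marker strings and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile

# Assumption: the server hands only these extensions to an interpreter.
EXECUTED = {".php"}
# Byte sequences that suggest server-side code (PHP / ASP style tags).
CODE_MARKERS = (b"<?php", b"<?=", b"<%")


def find_exposed_source(docroot):
    """Return sorted relative paths under docroot that hold server-side code
    but whose extension means the server would send them as raw text."""
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in EXECUTED:
                continue  # processed by the interpreter, not served verbatim
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(4096)  # the opening tag is normally near the top
            if any(marker in head for marker in CODE_MARKERS):
                rel = os.path.relpath(path, docroot)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)


def build_sample_docroot():
    """Create a constructed sample tree; names and contents are made up."""
    root = tempfile.mkdtemp(prefix="docroot_")
    files = {
        "index.php": b"<?php require 'lib/db.inc'; ?>",
        "lib/db.inc": b"<?php $db_pass = 'PLACEHOLDER'; ?>",
        "index.php.bak": b"<?php // old copy left by an editor ?>",
        "style.css": b"body { margin: 0 }",
        "notes.dat": b"plain data, no code",
    }
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel in find_exposed_source(build_sample_docroot()):
        print("would be served as source:", rel)
```

Files it reports belong outside the document root, or in a directory the HTTP daemon is configured not to serve.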
