> what Apache would give for the parent directory, but even if that did
> point outside of the DocumentRoot, Apache should never serve a document
> that's out of bounds. If it does, this seems to suggest a serious
> hole.
Apache will serve up documents outside the document root via
symbolic links if you have configured it to follow symbolic
links and not followed their advice to deny access to
all files by default.
This is a security issue but I think it is addressed in the
documentation to some extent:
http://www.apache.org/docs/misc/security_tips.html
--
Albert Lunde [EMAIL PROTECTED] (new address)
[EMAIL PROTECTED] (old address)
------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED]
You will receive a message to confirm this.
