Because this appears to be one of the first obvious things to prevent while coding virtual hosting support in an HTTP server."Sandip" == Sandip Bhattacharya <[EMAIL PROTECTED]> writes:
Sandip> Raj Mathur wrote:
>> [Please upgrade if you use webfs on any platform -- Raju]
>> >> >> CAN-2003-0832 - When virtual hosting is enabled, a remote
>> client could specify ".." as the hostname in a request,
>> allowing retrieval of directory listings or files above the
>> document root.
Sandip> This is so crazy!
Hmm, why?
- Sandip
-- Sandip Bhattacharya http://www.sandipb.net sandip at puroga.com Puroga Technologies Pvt. Ltd. http://www.puroga.com
_______________________________________________ ilugd mailing list [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd
