John

u beat me 2 it - when Gertjan mentioned this I had a hazy memory of
something in this area

I finally remembered over a beer last night that it was on your
excellent security course

so it's not so much dozing but losing grey cells

and for anyone else the GJ security course is an excellent investment
(as long as you remember it :} )


peter 

On Thu, 29 Jul 2004 23:30:56 +0100, "John Murray"
<[EMAIL PROTECTED]> wrote:

>"Peter Cooper" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]
>> Gertjan
>>
>> >http://example.com/app/_CSP.StreamServer.cls?FILE=/app/login.csp
>>
>> we live and learn
>> I did not know that you could do the above line :{
>
>Peter, you must have been dozing when we reached that page of our Caché
>Security Essentials course :-) It has a slide to itself in Part 2.
>
>Prior to 4.1.5 you could also use ../ on the FILE parameter to back up the
>file tree until you were above the directory that the CSP app declared. Then
>you could go down another path. It was a great way of helping yourself to
>any file on the Caché server (cache.key, cache.dat etc). ISC released a
>patch for that flaw in November 2001.
>
>As it is, you can still get to subdirectories when "Serve files" is enabled
>for your CSP app.
>
>John Murray
>George James Software
>www.georgejames.com
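
An added example, not part of the original thread and not George James or ISC code: a log-review check in Python that flags requests whose FILE parameter resolves outside the application directory once decoded, which is the ../ case described in the quoted message. The `/app` root, the case-insensitive parameter match and the sample URLs are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

APP_ROOT = "/app"  # assumption: URL path of the CSP app, as in the thread's example


def resolve_file_param(value, app_root=APP_ROOT):
    """Decode and normalise a FILE value so '..' segments are collapsed."""
    for _ in range(5):                    # peel nested encoding (%252e -> %2e -> .)
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\\", "/")      # treat backslash as a separator too
    return posixpath.normpath(posixpath.join(app_root, value))


def escapes_app(url, app_root=APP_ROOT):
    """True if any FILE parameter in the URL resolves outside app_root."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in params.items():
        if name.upper() != "FILE":        # assumption: name matched case-insensitively
            continue
        for v in values:
            resolved = resolve_file_param(v, app_root)
            if resolved != app_root and not resolved.startswith(app_root + "/"):
                return True
    return False


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/app/_CSP.StreamServer.cls?FILE=/app/login.csp",
    "/app/_CSP.StreamServer.cls?FILE=/app/sub/page.csp",
    "/app/_CSP.StreamServer.cls?FILE=/app/../../cache.key",
    "/app/_CSP.StreamServer.cls?FILE=/app/%2e%2e/%2e%2e/cache.key",
    "/app/_CSP.StreamServer.cls?FILE=/app/%252e%252e%252fcache.dat",
    "/app/_CSP.StreamServer.cls?FILE=/app/..%5c..%5ccache.dat",
]


def flag_requests(urls):
    """Return the URLs whose FILE parameter leaves the application directory."""
    return [u for u in urls if escapes_app(u)]


if __name__ == "__main__":
    for u in flag_requests(SAMPLES):
        print("outside app root:", u)
```

Requests for subdirectories of the app are not flagged, since they stay under the app root; those are the requests the last paragraph of the quoted message says are still served when "Serve files" is enabled.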

