- From: BearHeart / Bill Weinman <bearheart@bearnet.com>
- Date: Wed, 03 Jan 1996 00:25:12 -0600
- To: Eric Gauthier <gauthier@centre.edu>, flavio@sol.dimap.ufrn.br, www-html@w3.org
At 06:41 pm 1/2/96 -0200, Flavio Marcelo C B do Amaral spake:
>> Some weeks ago I got some mails about some potential security risks
>> about the method GET /a/b/../file. I am a graduated student at UFRN in Brazil
<snip>
At 12:37 am 1/3/96 EST, Eric Gauthier wrote:
>The security risk here is a bit indirect. The problem
>lies in using the relative directory scheme. Web Servers are
<snip>
This was discussed at length in the http-wg list last month, since
it's really more of an HTTP issue than HTML. I would suggest that you
take a look at the archives for the subject, "Potential HTTP Security
Risk", begining about 27 December 1995.
The archives for the http-wg mailing list are available (in
HTML/hypermail format) at:
http://www.ics.uci.edu/pub/ietf/http/hypermail/
+--------------------------------------------------------------------------+
| BearHeart / Bill Weinman | BearHeart@bearnet.com | http://www.bearnet.com/
| Author of The CGI Book -- http://www.bearnet.com/cgibook/
Received on Wednesday, 3 January 1996 01:25:42 UTC