Re: Security

BearHeart / Bill Weinman (
Wed, 03 Jan 1996 00:25:12 -0600

Message-Id: <>
Date: Wed, 03 Jan 1996 00:25:12 -0600
To: Eric Gauthier <>,,
From: BearHeart / Bill Weinman <>
Subject: Re: Security

At 06:41 pm 1/2/96 -0200, Flavio Marcelo C B do Amaral spake:
>>	Some weeks ago I got some mails about some potential security risks
>> about the method GET /a/b/../file. I am a graduated student at UFRN in Brazil


At 12:37 am 1/3/96 EST, Eric Gauthier wrote:
>The security risk here is a bit indirect.  The problem
>lies in using the relative directory scheme.  Web Servers are


   This was discussed at length in the http-wg list last month, since 
it's really more of an HTTP issue than HTML. I would suggest that you 
take a look at the archives for the subject, "Potential HTTP Security 
Risk", begining about 27 December 1995. 

   The archives for the http-wg mailing list are available (in 
HTML/hypermail format) at:

| BearHeart / Bill Weinman | | 
| Author of The CGI Book --