Re: Security

BearHeart / Bill Weinman (bearheart@bearnet.com)
Wed, 03 Jan 1996 00:25:12 -0600


Message-Id: <2.2.32.19960103062512.006caaf8@204.145.225.20>
Date: Wed, 03 Jan 1996 00:25:12 -0600
To: Eric Gauthier <gauthier@centre.edu>, flavio@sol.dimap.ufrn.br,
From: BearHeart / Bill Weinman <bearheart@bearnet.com>
Subject: Re: Security

At 06:41 pm 1/2/96 -0200, Flavio Marcelo C B do Amaral spake:
>>	Some weeks ago I got some mails about some potential security risks
>> about the method GET /a/b/../file. I am a graduate student at UFRN in Brazil

   <snip>

At 12:37 am 1/3/96 EST, Eric Gauthier wrote:
>The security risk here is a bit indirect.  The problem
>lies in using the relative directory scheme.  Web Servers are

   <snip>

   This was discussed at length in the http-wg list last month, since 
it's really more of an HTTP issue than HTML. I would suggest that you 
take a look at the archives for the subject, "Potential HTTP Security 
Risk", beginning about 27 December 1995. 

   The archives for the http-wg mailing list are available (in 
HTML/hypermail format) at: 

      http://www.ics.uci.edu/pub/ietf/http/hypermail/


+--------------------------------------------------------------------------+
| BearHeart / Bill Weinman | BearHeart@bearnet.com | http://www.bearnet.com/ 
| Author of The CGI Book -- http://www.bearnet.com/cgibook/