I inadvertently had,
<A HREF= >blah....</A>
in one of my files and the result was I got a directory listing.
Now most sys admins don't have time to check every link of every document
of every user so a simple mistake like this could inadvertently give
people access to the filesystem through the web server, which is not
good at all.
This "feature" should really be removed to stop this inadvertently
happenning. For those situations where you genuinely need it, such
as directories with retrievable files (ala ftp), it can be enabled on
a per directory basis using the normal access mechanisms.
Andy assures me this is such a widely relied on feature though that
a compromise would be to add an option to disable it.
--
Paul Richards, Bluebird Computer Systems. FreeBSD core team member.
Internet: paul@FreeBSD.org, http://www.freebsd.org/~paul
Phone: 0370 462071 (Mobile), +44 1222 457651 (home)
<A HREF= >blah....</A>
in one of my files and the result was I got a directory listing.
Now most sys admins don't have time to check every link of every document
of every user so a simple mistake like this could inadvertently give
people access to the filesystem through the web server, which is not
good at all.
This "feature" should really be removed to stop this inadvertently
happenning. For those situations where you genuinely need it, such
as directories with retrievable files (ala ftp), it can be enabled on
a per directory basis using the normal access mechanisms.
Andy assures me this is such a widely relied on feature though that
a compromise would be to add an option to disable it.
--
Paul Richards, Bluebird Computer Systems. FreeBSD core team member.
Internet: paul@FreeBSD.org, http://www.freebsd.org/~paul
Phone: 0370 462071 (Mobile), +44 1222 457651 (home)