September 26, 2007

HTTP security

From the Apache HTTP Server manual:

It is important to never use <Location> when trying to restrict access to objects in the filesystem. This is because many different webspace locations (URLs) could map to the same filesystem location, allowing your restrictions to be circumvented.

Apparently, (1) the same thing applies to Microsoft IIS and (2) our IT department is not aware of it.
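
The manual's warning, shown as a configuration fragment. This is an added example, not taken from the Apache manual or from the original post; the paths, the /reports and /archive URLs and the Alias are constructed for illustration, and the access directives use Apache 2.4 syntax.

```apache
# Constructed layout: /srv/www/html is the DocumentRoot and
# /srv/www/html/reports holds files that must not be served.
DocumentRoot "/srv/www/html"

<Directory "/srv/www/html">
    Require all granted
</Directory>

# Weak: the restriction is attached to one URL prefix only.
<Location "/reports">
    Require all denied
</Location>

# A second URL that maps to the same directory (an Alias here; a
# symlink inside the document root has the same effect). Requests
# under /archive/ never match the <Location "/reports"> block, so
# the restriction above does not apply to them.
Alias "/archive" "/srv/www/html/reports"

# Corrected: attach the restriction to the filesystem path itself.
# <Directory> sections are matched against the file being served,
# so this applies whichever URL the request arrived through.
<Directory "/srv/www/html/reports">
    Require all denied
</Directory>
```

When reviewing an existing configuration, each <Location> block that carries an access rule is worth checking for a matching <Directory> or <Files> rule on the content it is meant to protect.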