« WebKit: Typing Option-space should insert   | Main | Converting a .Mac account to a Family Pack sub-account »

HTTP security

From the Apache HTTP Server manual:

It is important to never use <Location> when trying to restrict access to objects in the filesystem. This is because many different webspace locations (URLs) could map to the same filesystem location, allowing your restrictions to be circumvented.

Apparently, (1) the same thing applies to Microsoft IIS and (2) our IT department is not aware of it.

TrackBack

TrackBack URL for this entry: http://ithink.ch/blog/tb.cgi/183.

Make sure JavaScript is enabled before using this URL. If you would like to ping my blog but can't, please do send me an e-mail at os3476 at this domain.

Post a comment

Make sure JavaScript is enabled before posting a comment. If you would like to post a comment but can't, please do send me an e-mail at os3476 at this domain.

Do not meddle in the affairs of Coding Ninjas, for they are subtle and quick to anger.