[1085] in WWW Security List Archive

Re: Unix links subverting Web security

daemon@ATHENA.MIT.EDU (Christian Mogensen)
Thu Oct 26 23:21:50 1995

From: mogens@Mjosa.Stanford.edu (Christian Mogensen)
To: cwg@DeepEddy.Com (Chris Garrigues)
Cc: www-security@ns2.rutgers.edu
In-Reply-To: (Your message of Thu, 26 Oct 95 19:16:41 EST.)
             <v02120d02acb5d4fb9473@[192.12.3.3]> 
Date: Thu, 26 Oct 95 17:52:53 -0800
Errors-To: owner-www-security@ns2.rutgers.edu

Of course, the way to prevent the symlink attack is to disable FollowSymlinks
on the web server.  This still can't deal with the copied file - so it
means that Shadow Passwords are the order of the day.

Christian 'webhead'
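
An audit along the lines of the message above, as an added example that is not part of the original post or thread: it lists symlinks under a document root that resolve outside it, and the accounts in a passwd-format file whose hash sits in the file itself rather than being shadowed. The function names, the demo tree and the sample passwd lines are constructed assumptions.

```python
import os
import tempfile

# Constructed sample in passwd(5) format; the hash is a placeholder, not a real one.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:EXAMPLEHASH01:1001:100:Alice:/home/alice:/bin/sh
bob:*:1002:100:Bob:/home/bob:/bin/sh
"""

def symlinks_escaping(docroot):
    """Return sorted (link, resolved target) pairs for symlinks under docroot
    whose targets resolve outside it."""
    root = os.path.realpath(docroot)
    found = []
    # followlinks=False: directory symlinks are reported but never descended into
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                target = os.path.realpath(path)
                if os.path.commonpath([root, target]) != root:
                    found.append((os.path.relpath(path, root), target))
    return sorted(found)

def unshadowed_accounts(passwd_text):
    """Return accounts whose password field is not a shadow or lock placeholder,
    i.e. whose hash would travel with any copy of the file."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        # an empty field means no password at all: a separate problem, not a hash leak
        if len(fields) == 7 and fields[1] not in ("x", "*", "!", ""):
            names.append(fields[0])
    return names

def build_demo():
    """Create a constructed docroot with one escaping and one internal symlink."""
    base = tempfile.mkdtemp()
    docroot = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(docroot, "~user"))
    with open(os.path.join(base, "outside.txt"), "w") as f:
        f.write("not meant to be served\n")
    with open(os.path.join(docroot, "index.html"), "w") as f:
        f.write("<p>ok</p>\n")
    os.symlink(os.path.join(base, "outside.txt"), os.path.join(docroot, "~user", "leak.txt"))
    os.symlink(os.path.join(docroot, "index.html"), os.path.join(docroot, "home.html"))
    return docroot

if __name__ == "__main__":
    for link, target in symlinks_escaping(build_demo()):
        print(f"{link} -> {target}")
    print("hashes in passwd:", unshadowed_accounts(SAMPLE_PASSWD))
```

The symlink check covers only links; a copied file is an ordinary file and is not flagged, which is why the passwd check is run separately.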
