httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Elizabeth Mattijsen <>
Subject Re: Spaces in Win32 executable names
Date Fri, 22 Aug 1997 15:19:52 GMT
At 16:03 8/22/97 +0100, Ben Laurie wrote:
>This has also been discussed already. The question is how do you know a
>filename is munged?

Do you need to know if you are only checking against the long filename?  I
don't think so.  If requested filename looks like a munged filename, but
matches with a long filename, than that is ok: the long filename that looks
like a munged filename, was then put there on purpose, not because Winxx
decided to munge it...

>Ahem. If they have access to your server sufficient to rename
>directories, you have severe security problems, anyway. Furthermore,
>they can bypass security without reference to name munging if they can

Agree.  But the munging would make it less obvious when it happened.  But
yes, you would have a greater problem then...

Elizabeth Mattijsen
xxLINK Internet Services

View raw message