httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "bruce" <bedoug...@earthlink.net>
Subject RE: [users@httpd] apache question??
Date Wed, 10 Aug 2005 17:39:42 GMT
you know... this was truly one of the homer simpson moments!!!!

you know the one..'DoH!!!!'

i realized right after i hit the send key that this wasn't apache.. but
rather filesystem...

thanks for the replies...


-----Original Message-----
From: Craig Dunigan [mailto:cdunigan@doit.wisc.edu]
Sent: Wednesday, August 10, 2005 10:19 AM
To: users@httpd.apache.org; bedouglas@earthlink.net
Subject: Re: [users@httpd] apache question??


On Wed, 10 Aug 2005, bruce wrote:

> hi...
>
> i just discovered that i can fire up a browser from my FC3 environment,
and
> that i can do "file:///home/foo" and i'm presented with a list of the
files
> in the directory, and that i can then examine the files....
>
> obviously i don't want this behavior!!!! is there some attribute/directive
> that i can set within the apache conf file that will prevent this from
> occuring.
>
> i've been searching google/apache but can't seem to find what i'm
missing..
>
> thanks
>
> -bruce
> bedouglas@earthlink.net
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

Bruce,

I know that seems scary, but it's quite harmless.  The only folks who
can do that are people who are already logged into your computer.
Moreover, it's not Apache that is serving those files.  It's the OS
itself.  The browser lives on the filesystem, so the browser can read
the filesystem when it's run by someone logged into that computer.  No
one can use "file://" from a remote machine and read your files.

--
Craig Dunigan
IS Technical Services Specialist (I don't know what it means, either)
Middleware - Enterprise Info Systems - Department of Info Technology
University of Wisconsin, Madison

opinions expressed are my own, not the University's





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message