perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Perrin Harkins" <per...@elem.com>
Subject Re: Current working directory always "/"
Date Thu, 22 May 2008 19:39:49 GMT
On Thu, May 22, 2008 at 5:50 AM, william <yingun@gmail.com> wrote:
> Btw, could you tell me how does full paths increase security ?

It prevents some attacks based on tricking your application into
working on different files.  If you don't assume a certain working
directory, you won't be compromised if someone finds a way to change
it.

Using absolute paths is pretty common advice, e.g.:
http://advosys.ca/papers/web-security.html#absolute

- Perrin

Mime
View raw message