[aida] WebStaticServer serves everything

Herbert König herbertkoenig at gmx.net
Mon Oct 15 17:09:31 CEST 2012


Hi Janko,

seems useful to me because the images directory contains a lot of 
sensitive data. At least in Squeak you can wget squeak.ini and know the 
image name.

Cheers,

Herbert

Am 15.10.2012 16:58, schrieb Janko Mivšek:
> Hi Herbert,
>
> What if we change the default home directory for static serving to
> ./static instead? If this directory doesn't exist, nothing will be
> served. This will prevent browsing a home directory with image and
> .changes files, among others, which is certainly a security risk.
>
> Best regards
> Janko
>
>



More information about the Aida mailing list