[aida] WebStaticServer serves everything

Janko Mivšek janko.mivsek at eranova.si
Mon Oct 15 17:59:13 CEST 2012


Done! Thanks for exposing that security problem Herbert.

Best regards
Janko

On 15. 10. 2012 17:09, Herbert König wrote:
> Hi Janko,
> 
> seems useful to me because the images directory contains a lot of
> sensitive data. At least in Squeak you can wget squeak.ini and know the
> image name.
> 
> Cheers,
> 
> Herbert
> 
> On 15.10.2012 16:58, Janko Mivšek wrote:
>> Hi Herbert,
>>
>> What if we change the default home directory for static serving to
>> ./static instead? If this directory doesn't exist, nothing will be
>> served. This will prevent browsing a home directory with image and
>> .changes files, among others, which is certainly a security risk.
>>
>> Best regards
>> Janko
>>
>>
> 
> _______________________________________________
> Aida mailing list
> Aida na aidaweb.si
> http://lists.aidaweb.si/mailman/listinfo/aida

-- 
Janko Mivšek
IT consultant
Eranova d.o.o.
Ljubljana, Slovenia
www.eranova.si
tel:  01 514 22 55
fax:  01 514 22 56
gsm: 031 674 565
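
The change discussed in this thread (serve only from a dedicated ./static directory, and serve nothing when it does not exist), sketched as an added Python example. It is not Aida's Smalltalk code or part of the original messages; `resolve_static`, `build_sample_home` and the file layout are hypothetical and constructed for illustration.

```python
import os
import tempfile

def resolve_static(home, url_path, subdir="static"):
    """Return the file to serve for url_path, or None to answer 404.

    subdir="static" models the new default; subdir="" models the old
    behaviour of serving the home directory itself.
    """
    root = os.path.realpath(os.path.join(home, subdir))
    if not os.path.isdir(root):
        return None  # no static directory: nothing is served
    candidate = os.path.realpath(os.path.join(root, url_path.lstrip("/")))
    # Reject anything that resolves outside the root (../ or symlinks).
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate if os.path.isfile(candidate) else None

def build_sample_home():
    """Constructed sample layout: image files next to a static/ directory."""
    home = tempfile.mkdtemp()
    for name in ("squeak.ini", "app.image", "app.changes"):
        with open(os.path.join(home, name), "w") as f:
            f.write("constructed sample\n")
    os.mkdir(os.path.join(home, "static"))
    with open(os.path.join(home, "static", "logo.png"), "w") as f:
        f.write("constructed sample\n")
    return home

def demo():
    """Compare which requests are answered with each root setting."""
    home = build_sample_home()
    requests = ["/squeak.ini", "/app.image", "/../app.changes", "/logo.png"]
    old = {p: resolve_static(home, p, subdir="") is not None for p in requests}
    new = {p: resolve_static(home, p) is not None for p in requests}
    return old, new

if __name__ == "__main__":
    old, new = demo()
    for path in old:
        print(f"{path:18} home-root={old[path]!s:5} static-root={new[path]}")
```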

