[pmwiki-users] how does one encode "file:" link in a wiki page?
nospam at mail.eton.ca
Wed Feb 2 10:41:47 CST 2005
At 2005-02-03 03:43 AM +1300, Robin is rumored to have said:
>On Wednesday 02 February 2005 05:19, Neil Herber wrote:
> > The rule seems to be:
> > if I am on a web page, do not open local files
> > elseif I have opened a local file, do open other local files
> > linked from it
>Yes, it is for security reasons. It prevents things like checking for the
>existence of local files that could be used to attack systems.
This makes no sense at all to me. If I am sitting at the keyboard of a
machine and I type in a valid file or directory reference, the browser
displays a directory listing or a file.
If I browse to a web page that has a link to that very same name, I cannot
click on it and see the file. How can a link to a local file be a security
threat? It only shows the file locally. It's not like the browser is
sending a confirmation of file existence back to the host. Or is there some
exploit I should know about?
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users