[pmwiki-users] how does one encode "file:" link in a wiki page?

Neil Herber nospam at mail.eton.ca
Wed Feb 2 10:41:47 CST 2005


At 2005-02-03  03:43 AM +1300, Robin is rumored to have said:
>On Wednesday 02 February 2005 05:19, Neil Herber wrote:
> > The rule seems to be:
> >          if I am on a web page, do not open local files
> >          elseif I have opened a local file, do open other local files
> > linked from it
>Yes, it is for security reasons. It prevents things like checking for the
>existence of local files that could be used to attack systems.

Robin

This makes no sense at all to me. If I am sitting at the keyboard of a 
machine and I type in a valid file or directory reference, the browser 
displays a directory listing or a file.

If I browse to a web page that has a link to that very same name, I cannot 
click on it and see the file. How can a link to a local file be a security 
threat? It only shows the file locally. It's not like the browser is 
sending a confirmation of file existence back to the host. Or is there some 
exploit I should know about?


Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 




More information about the pmwiki-users mailing list