On Wed, 10 Aug 2005, bruce wrote: > hi... > > i just discovered that i can fire up a browser from my FC3 environment, and > that i can do "file:///home/foo" and i'm presented with a list of the files > in the directory, and that i can then examine the files.... > > obviously i don't want this behavior!!!! is there some attribute/directive > that i can set within the apache conf file that will prevent this from > occuring. > > i've been searching google/apache but can't seem to find what i'm missing.. > > thanks > > -bruce > bedouglas@xxxxxxxxxxxxx > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > Bruce, I know that seems scary, but it's quite harmless. The only folks who can do that are people who are already logged into your computer. Moreover, it's not Apache that is serving those files. It's the OS itself. The browser lives on the filesystem, so the browser can read the filesystem when it's run by someone logged into that computer. No one can use "file://" from a remote machine and read your files. -- Craig Dunigan IS Technical Services Specialist (I don't know what it means, either) Middleware - Enterprise Info Systems - Department of Info Technology University of Wisconsin, Madison opinions expressed are my own, not the University's --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|