It was thus said that the Great Neelay Shah once stated: > > --- "Roger B.A. Klorese " <rogerk@xxxxxxxxxxxx> wrote: > > > Hard links don't exist in Windows, do they? > > > > And on Linux and other Unixen they require suitable > > permissions on the > > object. > > Well, there are some programs like "junction" > available on sysinternals that supposedly make hard > link equivalent on windows...and the point is the user > can create a hard link to c:\ in his user dir. and it > will expose the whole hard drive and that is why I am > concerned about it...how to stop the web server from > following ... But who is this "user" and why are you so concerned about it? But in any case ... Don't run Apache. Or restrict the number of people that can work on the box [4]. Or (and I'm not sure how hard links would work under Windows but I know how they work under Unix, and *this* method *would* work under Unix) put Apache and all the websites on their own physical drive (under Unix, you can't hardlink to a file on a separate partition or drive). I've been administrating webservers now for oh ... 10 years or so, and frankly, this is the *first* time this particular issue has come up in my experience. And honestly, I don't see what's so bad about seeing the root of a Windows system [1][2]. -spc (You can't be 100% secure [3][4] on the Internet ... ) [1] "/etc/" under Unix? Maybe a different story, but still, the only file I'd be worried about would be "/etc/shadow" and that's usually readable only by root, and Apache doesn't serve up files as "root" (unless it's one horribly configured system). [2] Then again, I admin Unix and don't really use Windows. [3] Well, you *can*, but only if you disconnect the machine from the Internet, place it in a deep underground bunker, filled with concrete, and post guards at the entrance with orders to shoot anyone on sight. [4] You can do stuff right, and *still* be hacked: http://boston.conman.org/2004/09/19.1 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx