[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] security risk of unexpected download filenames

From: Solar Designer
Subject: Re: [Bug-wget] security risk of unexpected download filenames
Date: Fri, 21 May 2010 03:29:52 +0400
User-agent: Mutt/

On Thu, May 20, 2010 at 02:51:30PM -0700, Micah Cowan wrote:
> Hm... a problem with this is that it also applies to the case when
> someone is recursively-fetching, and the remote server is (even
> accidentally) misconfigured to include .htaccess in auto-generated
> indexes (and to allow public reading of that file). No obvious way to
> avoid that situation that I can think of... might be worth documenting
> somewhere.

Yes, the recursive-fetching risks probably need to be addressed in the
documentation only, not in the code.  I think they're also more likely
to be expected by the users.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]