[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] security risk of unexpected download filenames
From: |
Solar Designer |
Subject: |
Re: [Bug-wget] security risk of unexpected download filenames |
Date: |
Fri, 21 May 2010 03:29:52 +0400 |
User-agent: |
Mutt/1.4.2.3i |
On Thu, May 20, 2010 at 02:51:30PM -0700, Micah Cowan wrote:
> Hm... a problem with this is that it also applies to the case when
> someone is recursively-fetching, and the remote server is (even
> accidentally) misconfigured to include .htaccess in auto-generated
> indexes (and to allow public reading of that file). No obvious way to
> avoid that situation that I can think of... might be worth documenting
> somewhere.
Yes, the recursive-fetching risks probably need to be addressed in the
documentation only, not in the code. I think they're also more likely
to be expected by the users.
Alexander