Closed astrieanna closed 11 years ago
Yeah this is bad.
What are you talking about? This is an incredible feature!

On Mar 24, 2013 1:10 PM, "Daniel Mendel" notifications@github.com wrote:
> Yeah this is bad.
So, run `julia ./example/meddle.jl`. Then `curl localhost:8000/../../../../../../bin/ls` or `curl localhost:8000/../julia/README.md`, for example.

Basically, you are serving all the files on your computer to anyone who can guess the paths. I'm assuming the intention is to trap the file paths to being within the directory passed to the fileserver MidWare in its constructor.
This would get worse if you were generating pages to display for folders (as in, with links to file pages), since then you could basically run `ls` on the server running the file server, too -- which makes guessing a lot easier.
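
One way to trap request paths inside the directory given to the file server, as the issue asks for. This is an added example, not code from this project or from the issue author: `safe_resolve`, `demo` and the temporary directory tree are hypothetical names, and it assumes POSIX paths and a request path that has already been percent-decoded exactly once.

```julia
# Added example (not the project's code): confine served files to a root directory.
# `safe_resolve` is a hypothetical helper; POSIX path separators are assumed.

"""
Resolve `request_path` (URL path, already percent-decoded) against `root`.
Returns the absolute path of the file if it lies inside `root`, else `nothing`.
"""
function safe_resolve(root::AbstractString, request_path::AbstractString)
    # NUL is never valid in a path; reject before touching the filesystem.
    occursin('\0', request_path) && return nothing
    root_real = realpath(root)                      # canonical root, symlinks resolved
    # Drop leading slashes so joinpath is not reset by an absolute component.
    rel = lstrip(request_path, '/')
    candidate = normpath(joinpath(root_real, rel))  # collapses "." and ".." segments
    # Serve regular files only; this also guarantees realpath has a target.
    isfile(candidate) || return nothing
    resolved = realpath(candidate)                  # catches symlinks pointing outside
    # Compare against root plus separator so "/srv/www-old" never matches "/srv/www".
    prefix = endswith(root_real, "/") ? root_real : root_real * "/"
    return startswith(resolved, prefix) ? resolved : nothing
end

# Constructed demo tree: <tmp>/www/index.html is public, <tmp>/secret.txt is not.
function demo()
    base = mktempdir()
    root = joinpath(base, "www")
    mkdir(root)
    write(joinpath(root, "index.html"), "hello")
    write(joinpath(base, "secret.txt"), "private")
    requests = ["/index.html",
                "/./index.html",
                "/../secret.txt",
                "/../../../../../../bin/ls",   # the traversal shape from the report
                "/missing.html"]
    for p in requests
        r = safe_resolve(root, p)
        println(rpad(p, 30), " => ", r === nothing ? "rejected (404)" : "serve " * r)
    end
end

demo()
```

The check runs on the fully resolved path rather than on the raw request string, so `..` segments and symlinks that leave the root are both refused with the same response as a missing file.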