[EMAIL PROTECTED] wrote:

> Static servers are usually designed where the URL maps to part of the
> file system. You asked earlier why static files (such as css and image
> files) should not be stored alongside the scripts. This is because a
> clever hacker could guess where you have stored your scripts and trick
> the static server into returning them (such as a hacker asking for
> /static/css/../../../settings.py, whoops he just got your database
> username and password!).

Are you trying to say that Django's static server doesn't filter the URL before adding it to the document root?

> As I said before, this is not specifically a Django thing

I cannot recall ever seeing an HTTP server that didn't attempt to handle this, and I've never heard of a static HTTP server developer that hasn't treated a failure to handle this as a critical security hole.

</F>


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
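As an added example that is not code from this thread or from Django itself: the naive URL-to-filesystem mapping the quoted message warns about, next to a resolver that does the check every static server is expected to do, refusing any request that resolves outside the document root. The directory layout, file names and the "secret" in settings.py are constructed for the demo; the attack path is the one from the thread with its /static/ prefix stripped, which is what a static handler typically receives.

```python
import os
import shutil
import tempfile
from urllib.parse import unquote


def naive_resolve(document_root, path):
    """The vulnerable mapping: glue the request path onto the document root
    and normalise it. '..' segments walk straight out of the root."""
    return os.path.normpath(os.path.join(document_root, path))


def safe_resolve(document_root, path):
    """Return the absolute file path for a request, or None if it would
    leave document_root (via '..', a symlink, or an encoded variant)."""
    root = os.path.realpath(document_root)
    # Decode percent-encoding so "%2e%2e" cannot hide a ".." segment.
    # Assumes the raw URL path; if the framework already decoded it, a
    # second decode can only over-reject, never let something through.
    decoded = unquote(path)
    # A NUL byte would truncate the path at the OS level; refuse outright.
    if "\x00" in decoded:
        return None
    # lstrip("/") keeps os.path.join from discarding root on "/abs" input.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # Containment check: after realpath, candidate must be root itself or
    # a descendant of it. Symlinks pointing outside root are caught too.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def build_demo_tree():
    """Constructed layout (not from the thread): a settings.py two levels
    above the static root, e.g. <base>/settings.py and
    <base>/site/static/css/site.css."""
    base = tempfile.mkdtemp(prefix="static-demo-")
    static_root = os.path.join(base, "site", "static")
    os.makedirs(os.path.join(static_root, "css"))
    with open(os.path.join(static_root, "css", "site.css"), "w") as f:
        f.write("body { color: black }\n")
    with open(os.path.join(base, "settings.py"), "w") as f:
        f.write("DATABASE_PASSWORD = 'hunter2'\n")  # constructed secret
    return base, static_root


def demo():
    """Serve the thread's attack URL through both resolvers and report."""
    base, static_root = build_demo_tree()
    try:
        root = os.path.realpath(static_root)
        good = safe_resolve(static_root, "css/site.css")
        attack = "css/../../../settings.py"  # /static/css/../../../settings.py minus prefix
        naive_path = naive_resolve(static_root, attack)
        leaked = open(naive_path).read() if os.path.exists(naive_path) else None
        return {
            "good": os.path.relpath(good, root).replace(os.sep, "/"),
            "leaked": leaked,                      # naive server hands over settings.py
            "blocked": safe_resolve(static_root, attack),
            "encoded_blocked": safe_resolve(
                static_root, "css/%2e%2e/%2e%2e/%2e%2e/settings.py"),
        }
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The containment test is done on the realpath of both sides rather than by scanning the string for "..", so it also covers a symlink inside the static directory that points at the project tree, which a segment filter alone would miss.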