Re: [Bug-wget] security risk of unexpected download filenames

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] security risk of unexpected download filenames

From:	Solar Designer
Subject:	Re: [Bug-wget] security risk of unexpected download filenames
Date:	Fri, 21 May 2010 03:29:52 +0400
User-agent:	Mutt/1.4.2.3i

On Thu, May 20, 2010 at 02:51:30PM -0700, Micah Cowan wrote:
> Hm... a problem with this is that it also applies to the case when
> someone is recursively-fetching, and the remote server is (even
> accidentally) misconfigured to include .htaccess in auto-generated
> indexes (and to allow public reading of that file). No obvious way to
> avoid that situation that I can think of... might be worth documenting
> somewhere.

Yes, the recursive-fetching risks probably need to be addressed in the
documentation only, not in the code.  I think they're also more likely
to be expected by the users.

Alexander

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] security risk of unexpected download filenames, Solar Designer, 2010/05/20
- Re: [Bug-wget] security risk of unexpected download filenames, Micah Cowan, 2010/05/20
  - Re: [Bug-wget] security risk of unexpected download filenames, Solar Designer, 2010/05/20
    - Re: [Bug-wget] security risk of unexpected download filenames, Micah Cowan, 2010/05/20
    - Re: [Bug-wget] security risk of unexpected download filenames, Solar Designer <=

Prev by Date: Re: [Bug-wget] security risk of unexpected download filenames
Next by Date: Re: [Bug-wget] wget-1.12-2359 alpha version
Previous by thread: Re: [Bug-wget] security risk of unexpected download filenames
Next by thread: [Bug-wget] Extra "wait" functionality...
Index(es):
- Date
- Thread