Hello, I've recently installed mod_mono and while playing around a bit I discovered that I could view any file on the server with a simple <!--include file--> directive. Is there a way to stop this behavior? I know in windows IIS this is called "parent paths" and is disabled by default.
I've also disabled mod_mono and tried the same include directive using SSI (.shtml) and it stops the activity. I believe it said that there was an error with the directive, which is good. I was planning on offering mod_mono to my clients but with this kind of behavior, any client could view the passwd file, traverse users directories, and gank any php/asp scripts stealing database passwords and all kinds of valuable information. Any help would be appreciated. Thanks, Jonathan -- View this message in context: http://www.nabble.com/asp.net-applications-allow-parent-directory-access-tp23331820p23331820.html Sent from the Mono - ASP.NET mailing list archive at Nabble.com. _______________________________________________ Mono-aspnet-list mailing list [email protected] http://lists.ximian.com/mailman/listinfo/mono-aspnet-list
