-----BEGIN PGP SIGNED MESSAGE----- The actual problem will start if someone is able to run the files from the server.instead of doing a c:\winnt\system32\cmd.exe if you can run http://whateverserver/somefile. Correct me if I am wrong.
- -----Original Message----- From: John R Ellingsworth [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 07, 2002 5:05 PM To: ruler Cc: [EMAIL PROTECTED] Subject: Re: scary site I think you are mistaken. Javascript can display directory contents to the client browser, but not transmit that info back to the server. Unless I am mistaken ;) On Wed, 6 Mar 2002, ruler wrote: >_There are also sites that will let you view all of your directory >trees, _which a server could easily see all of your files. Which do >you think is _more scary? >_----- Original Message ----- >_From: "leon" <[EMAIL PROTECTED]> >_To: <[EMAIL PROTECTED]> >_Sent: Tuesday, March 05, 2002 12:30 PM >_Subject: scary site >_ >_ >_> -----BEGIN PGP SIGNED MESSAGE----- >_> Hash: SHA1 >_> >_> http://www.liquidwd.freeserve.co.uk/ >_> >_> >_> Try it with a windows machine and IE with all patches. >_> >_> Be afraid be very afraid. >_> >_> FYI this is for all those people who are think that just having a >_> firewall is enough. >_> >_> Guess what? >_> >_> This works through packet filter, stateful inspection and proxy >_> servers. >_> >_> Cheers, >_> >_> Leon >_> >_> -----BEGIN PGP SIGNATURE----- >_> Version: PGPfreeware 6.5.8 for non-commercial use ><http://www.pgp.com> _> >_> iQA/AwUBPIUArNqAgf0xoaEuEQLn0wCgjtpLPuRxLbCscHrq32IjePeezf8AoI6t >_> T73+xCv/VhrCGDVDIVrFBqZl >_> =9gR6 >_> -----END PGP SIGNATURE----- >_> >_ - -- Thanks, John Ellingsworth Information Architect http://cu2k01.med.upenn.edu http://www.cu2000.med.upenn.edu +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- |j|e|l|l|i|n|g|s|@|ma|i|l|.|med|.|u|p|e|n|n|.|e|d|u| - -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQCVAwUBPIkAkCYOzo8iRaY+AQGIXwP/ZiWd5s1BU2MmC+EgKc4JrY9umv0MbEOP 9UH3bA/kakVlB4zGNkVmAiQ/L/EZWJsdrqsTXka0nBq5hOqT6seP8q6lDfFPpmSW KSOG7wVmckQh8yyvaOdJLTMZMDKjxwxHsz+vEl900Qt54e5jFrMlw3CoBmFSd67i ma2a9SEoad4= =f09p -----END PGP SIGNATURE-----
