Home > Archive > ASP > October 2004 > Parent Paths
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| news.microsoft.com 2004-10-26, 3:55 pm |
| If I've enabled Parent Paths (PP) in IIS, but have installed the URL Filter
and disallowed ".." and "../" within links, am I covered from the
vulnerabilities of PP's?
This allows me to use PP's in #Include statements, but doesn't allow
visitors to use PP's in their links to access directories on my server.
Is this correct?
TIA
| |
| Ben Strackany 2004-10-28, 3:55 pm |
| Sounds like it would work...are you able to test it and see?
--
Ben Strackany
www.developmentnow.com
"news.microsoft.com" <me@here.com> wrote in message
news:%230nt8W4uEHA.1308@TK2MSFTNGP09.phx.gbl...
> If I've enabled Parent Paths (PP) in IIS, but have installed the URL
Filter
> and disallowed ".." and "../" within links, am I covered from the
> vulnerabilities of PP's?
>
> This allows me to use PP's in #Include statements, but doesn't allow
> visitors to use PP's in their links to access directories on my server.
>
> Is this correct?
>
> TIA
>
>
| |
|
| Yes, it does work. I was just wondering if there were any other
vulnerabilities that I might have missed (in regards to using Parent Paths)
"Ben Strackany" <infoNOSPAM@developmentnow.nospam.com> wrote in message
news:%23YyORXQvEHA.1400@TK2MSFTNGP11.phx.gbl...
> Sounds like it would work...are you able to test it and see?
>
> --
> Ben Strackany
> www.developmentnow.com
>
>
> "news.microsoft.com" <me@here.com> wrote in message
> news:%230nt8W4uEHA.1308@TK2MSFTNGP09.phx.gbl...
> Filter
>
>
|
|
|
|
|