Parent Paths

If I've enabled Parent Paths (PP) in IIS, but have installed the URL Filter
and disallowed ".." and "../" within links, am I covered from the
vulnerabilities of PP's?

This allows me to use PP's in #Include statements, but doesn't allow
visitors to use PP's in their links to access directories on my server.

Is this correct?

TIA

Sounds like it would work...are you able to test it and see?

--
Ben Strackany
www.developmentnow.com


"news.microsoft.com" <me@here.com> wrote in message
news:%230nt8W4uEHA.1308@TK2MSFTNGP09.phx.gbl...
> If I've enabled Parent Paths (PP) in IIS, but have installed the URL
Filter
> and disallowed ".." and "../" within links, am I covered from the
> vulnerabilities of PP's?
>
> This allows me to use PP's in #Include statements, but doesn't allow
> visitors to use PP's in their links to access directories on my server.
>
> Is this correct?
>
> TIA
>
>

Yes, it does work. I was just wondering if there were any other
vulnerabilities that I might have missed (in regards to using Parent Paths)


"Ben Strackany" <infoNOSPAM@developmentnow.nospam.com> wrote in message
news:%23YyORXQvEHA.1400@TK2MSFTNGP11.phx.gbl...
> Sounds like it would work...are you able to test it and see?
>
> --
> Ben Strackany
> www.developmentnow.com
>
>
> "news.microsoft.com" <me@here.com> wrote in message
> news:%230nt8W4uEHA.1308@TK2MSFTNGP09.phx.gbl... 
> Filter 
>
>