Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

Nicholas Bohm nbohm at
Wed Aug 4 11:53:29 BST 2010

Adrian Hayter wrote:
>> Yes, I certainly confused the two.  What exactly does the "/../" syntax
>> do, and why does it matter to the host?  (The article you link isn't
>> explicit enough for me to follow.)
>> Nicholas
>> -- 
>> Contact and PGP key here <>
> Consider that the url pointed to
> the location /var/www/ on a server.
> Doing a directory traversal on the url (such as:
> ) would (on some insecure
> servers) get the location /var/www/ Now we know from the
> previous location that the directory 'public' is contained here, but
> so could some other directories, such as 'logs' or even important
> private information.
> As you can see, this would matter to the host, since a lot of
> webservers are configured to display the contents of directories when
> they do not come across a specified index file (such as index.html or
> index.php). If you have a folder that is meant to be publicly
> accessible, you do not want people to be able to traverse out of that
> directory and into one that contains private data.

Most helpful - thank you.

Taking the above example, could you explain the difference in effect
between and <>?  Do they not
lead to the same location on the server, namely /var/www/

Contact and PGP key here <>

More information about the ukcrypto mailing list