Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)

Nicholas Bohm nbohm at ernest.net
Wed Aug 4 10:44:16 BST 2010


Matthew Pemble wrote:
>
>
> On 4 August 2010 08:15, Francis Davey <fjmd1a at gmail.com> wrote:
>
>
>     However, that's all beside the point. This thread seems to be
>     wandering all over the place and this is partly because there's
>     confusion between:
>
>     * what people think might or might not be morally right in general
>     concerning URL truncation
>     * whether URL truncation constitutes unauthorized access within the
>     meaning of section 1 of the Computer Misuse Act 1990
>
>
> Or is the point that people are becoming confused between URL
> truncation and a "Directory Traversal Attack", using the well-known
> '/../' syntax (just the same as, at the time, appending '.' to a .php
> URL often gave you the script source rather than the product)?
> Peter's pdf doesn't make it clear, although other contemporaneous
> sources (http://www.samizdata.net/blog/archives/008118.html) do mention
> the method.

Yes, I certainly confused the two.  What exactly does the "/../" syntax
do, and why does it matter to the host?  (The article you link isn't
explicit enough for me to follow.)

Nicholas
-- 
Contact and PGP key here <http://www.ernest.net/contact/index.htm>
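
The distinction discussed in this message, as an added example that is not part of the original post or thread: truncating a URL still names a location inside the published site, whereas enough "/../" segments make a server that joins the path onto its document root resolve a file the site never published. The document root and all URL paths below are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote, urlsplit

DOCROOT = "/srv/www/site"  # constructed document root (assumption)

def truncate(url_path):
    """URL truncation: drop the last segment, leaving the parent directory URL."""
    return url_path.rstrip("/").rsplit("/", 1)[0] + "/"

def resolve(url_path, docroot=DOCROOT):
    """Map a URL path to a file path as a naive server would:
    percent-decode, join onto the document root, then collapse '..'."""
    decoded = unquote(urlsplit(url_path).path)
    return posixpath.normpath(posixpath.join(docroot, decoded.lstrip("/")))

def inside_docroot(fs_path, docroot=DOCROOT):
    """True only if the resolved path is the root or strictly below it."""
    return fs_path == docroot or fs_path.startswith(docroot + "/")

def classify(url_path):
    """Label a request by where it resolves, not by how the URL looks."""
    fs_path = resolve(url_path)
    if not inside_docroot(fs_path):
        return "traversal", fs_path           # escapes the published tree
    if ".." in unquote(url_path).split("/"):
        return "dotdot-within-root", fs_path  # uses '..' but stays inside
    return "ordinary", fs_path

if __name__ == "__main__":
    samples = [
        truncate("/reports/2010/august.html"),   # truncation
        "/reports/2010/../2009/index.html",      # '..' that stays in the site
        "/../../private/notes.txt",              # leaves the document root
        "/reports/%2e%2e/%2e%2e/%2e%2e/private/notes.txt",  # same, encoded
    ]
    for s in samples:
        print(f"{s!r:55} -> {classify(s)}")
```

The host-side check is the one in `inside_docroot`: decode first, resolve, then compare against the root, because a filter that only looks for the literal string "/../" misses the percent-encoded form.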


