Michael Bernstein wrote: <snipped>
/ /images /a /b /c
it is entirely possible to go to the following URL:
www.yourdomain.com/a/b/c/b/c/a/b/a/c/b/images/someimage.gif
and actually retrieve the image. Directories are subject to acquisition just like Methods are, so beware of referring to sibling directories as sub-directories when creating relative URLs. The browser (correctly) sees most of these images as having distinct URLs, and so does not retrieve them from the cache.
This behavior of acquiring subdirectories leads to some very interesting issues, especially given the prevalence of buffer-overflow problems showing up in all sorts of software these days. I noticed that a directory even inherits _itself_ as a subdir, so www.your.domain.com/a/b/c/c/c/c/c/c/c/c/c/c/c/c... is a possibility. Reminds me of an old DOS exploit, involving subdir nesting > 256(?). Anyone want to come up with a take on the security impact of this? At minimum, I'd think you can kill browsers with this, perhaps take them over. It's not really a problem with Zope, just an interesting side issue.

Ross

--
Ross J. Reedstrom, Ph.D., <reedstrm@rice.edu>
NSBRI Research Scientist/Programmer
Computer and Information Technology Institute
Rice University, 6100 S. Main St., Houston, TX 77005
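The acquisition behavior discussed in this thread, as an added example that is not part of either post and is not Zope's own code: a simplified model of acquisition-style traversal over the sibling layout above, plus a check that maps any aliased URL back to one canonical path and caps path depth. The `Node` class, `check_request`, and the `max_segments` limit of 32 are assumptions made for illustration.

```python
# Added illustration: a simplified model of acquisition-style traversal,
# not Zope's actual implementation.

class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}
        if parent is not None:
            parent.children[name] = self

    def physical_path(self):
        # Path by containment only, ignoring how the object was reached.
        parts, node = [], self
        while node.parent is not None:
            parts.append(node.name)
            node = node.parent
        return "/" + "/".join(reversed(parts))


def build_site():
    # Constructed layout matching the post: /images, /a, /b, /c are siblings.
    root = Node("")
    images = Node("images", root)
    Node("someimage.gif", images)
    for name in ("a", "b", "c"):
        Node(name, root)
    return root


def traverse(root, url_path):
    """Resolve url_path; a name missing from the current object is
    looked up in its containers (the 'acquisition' step)."""
    current = root
    for segment in filter(None, url_path.split("/")):
        scope = current
        while scope is not None and segment not in scope.children:
            scope = scope.parent
        if scope is None:
            return None  # not found anywhere up the chain
        current = scope.children[segment]
    return current


def check_request(root, url_path, max_segments=32):
    """Return (status, canonical_path). Aliases are reported so the
    server can redirect to one cacheable URL instead of serving them."""
    segments = [s for s in url_path.split("/") if s]
    if len(segments) > max_segments:  # hypothetical depth cap
        return ("reject", None)
    obj = traverse(root, url_path)
    if obj is None:
        return ("not_found", None)
    canonical = obj.physical_path()
    return ("ok" if "/" + "/".join(segments) == canonical else "alias", canonical)
```

A front end that redirects every `alias` result to its canonical path gives caches and crawlers a single URL per object, and the depth cap bounds the self-nesting case (`/c/c/c/...`) before traversal starts.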