[Zope-dev] Re: Unsecure design of ExternalFile
Martijn Pieters
mj@zope.com
Thu, 7 Nov 2002 17:22:28 -0500
On Thu, Nov 07, 2002 at 11:24:35AM -0500, Craeg K Strong wrote:
> What would you recommend? Perhaps there should be
> a predefined list of "forbidden" directories for ExternalFiles?
> The problem is that-- in the development scenario-- the
> very things you mention below might be what you
> legitimately *want* to do as a developer.
'Jail' the base directory. Files can only be referenced within the jail.
Relative paths outside the jail are forbidden. This is what FTP and web
servers do, and so should ExternalFiles. A full path (starting with a '/')
then starts at the base directory.

The base directory should not be configurable through the web. Rather, use
an environment variable. Only one directory is needed, as files that need to
be accessible can be copied or symlinked.
--
Martijn Pieters
| Software Engineer mailto:mj@zope.com
| Zope Corporation http://www.zope.com/
| Creators of Zope http://www.zope.org/
---------------------------------------------
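
An added sketch of the jail described in the message above (not code from ExternalFile or from the poster): the base directory comes from an environment variable, a leading '/' is rooted at that directory, and any path that climbs out is refused. POSIX paths are assumed, and the variable name EXTERNALFILE_BASE and the function names are hypothetical.

```python
import os

BASE_ENV_VAR = "EXTERNALFILE_BASE"  # hypothetical name, not from the product


class JailError(ValueError):
    """Raised when a path cannot be mapped inside the base directory."""


def get_base(environ=os.environ):
    """Read the jail root from the process environment, never from the web UI."""
    base = environ.get(BASE_ENV_VAR)
    if not base or not os.path.isabs(base):
        raise JailError("%s must be an absolute directory" % BASE_ENV_VAR)
    return os.path.normpath(base)


def resolve_in_jail(requested, base):
    """Map a user-supplied path to a filesystem path under base."""
    if "\0" in requested:
        raise JailError("NUL byte in path")
    parts = []
    # Splitting on '/' drops the empty leading component, so '/etc/passwd'
    # starts at the base directory, as in an FTP server's chroot.
    for part in requested.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not parts:
                # Climbing above the jail root is refused, not clamped.
                raise JailError("path leaves the jail: %r" % requested)
            parts.pop()
        else:
            parts.append(part)
    # The check is lexical on purpose: symlinks that the administrator
    # places inside the base directory keep working, as the message suggests.
    return os.path.join(base, *parts)


if __name__ == "__main__":
    base = get_base({BASE_ENV_VAR: "/srv/externalfiles"})  # constructed value
    for p in ("/etc/passwd", "docs/../notes.txt", "../../etc/passwd"):
        try:
            print(p, "->", resolve_in_jail(p, base))
        except JailError as exc:
            print(p, "-> refused:", exc)
```

Because resolution is lexical, the guarantee holds only as long as untrusted users cannot create symlinks inside the base directory themselves.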