A collegue of mine discovered a very interesting bug in several Web
server packages. if you protect a file that is not 8.3 in its makeup
you can often access the canonical name without restriction. EG:
if a file named "somelongfile.htm" and you protect it then you can
access somef~1.htm if somel~1.htm is the canonical name. (don't recall
the corect NT term). This also applies to directory names as well.
We have notified some of the affected vendors but haven't tested all
the various NT Web servers.
Know to be affected are IIS 4.0, Netscape Enterprise 3.0x and Website
Pro don't recall the version.
-- Email: skafte@worldgate.com Voice: +403 413 1910 Fax: +403 421 4929 #575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1 -- -- When things can't get any worse, they simplify themselves by getting a whole lot worse then complicated. A complete and utter disaster is the simplest thing in the world; it's preventing one that's complex. (Janet Morris)