Y
Hacker News
new
|
ask
|
show
|
jobs
by
cesnja
230 days ago
You can still get hit by a path traversal exploit. The safest option is to only have the public files on the server.
1 comments
jonhohle
230 days ago
A path traversal is different from putting private files in a public directory. For a simple static site there will always be certs, /etc, and other things outside of the document root that shouldn’t be served.
link