
You can still get hit by a path traversal exploit. The safest option is to only have the public files on the server.


A path traversal is different from putting private files in a public directory. For a simple static site there will always be certs, /etc, and other things outside of the document root that shouldn’t be served.



