JEP 408 - Should path within hidden directories/symlinks be allowed as root path?
Jaikiran Pai
jai.forums2013 at gmail.com
Mon Nov 22 09:29:20 UTC 2021
The newly introduced simple webserver when launched from a directory
does necessary checks to disallow serving of hidden files (and
symlinks). So if I do something like:
cd ~/
java -m jdk.httpserver
and then issue a HTTP request against something like
localhost:8000/.ssh/known_hosts, then it won't serve that content
because .ssh is a hidden directory. This behaviour matches what's stated
in the JEP 408.
However, if I instead launch the server from within a hidden directory,
like:
cd ~/.ssh/
java -m jdk.httpserver
and then issue a localhost:8000/known_hosts request, then it does end up
serving that content.
Should the root path against which the server is launched be checked to
see if any of its parent path(s) are hidden directories (or symlinks)
and if so disallow the server creation?
-Jaikiran
More information about the net-dev
mailing list