On 2007-10-11 18:01, Larry Becke wrote:
> Look, I'm tired of arguing my reasons. Let's just agree to disagree on my reasoning.


That agreement is implicit. :^)

> Answer the question.
> Can this be done?


Theoretically. See my previous message.

> Is it so terribly hard to add the feature?


It's not easy. See my previous message, and do a little research on path
canonicalization and past directory traversal vulnerabilities in, e.g.
IIS and Apache, to understand this better.

> Will it hurt anything to add the feature?


If it isn't done 100% correctly, yes. See my previous message.

> I'd be happy to discuss offline the reasoning behind my request.
> It's valid, and if you'd bother to keep an open mind, you might actually understand where I'm coming from.


I think we're way ahead of where you're coming from, which is why I
asked, "Have you tried WebDAV over SSL?"

--
Jefferson Ogata
NOAA Computer Incident Response Team (N-CIRT)
"Never try to retrieve anything from a bear."--National Park Service
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev