[Esapi-user] Octet-byte streaming
chris.schmidt at owasp.org
Mon Jul 9 16:09:00 UTC 2012
The premise is that if you are providing access to your real filesystem
directly that could be exploited by an attacker to
1. Download files that they shouldn't have access to (Path Traversal)
2. Host Malware if you also allow Uploading
Hopefully that helps.
On 7/9/12 10:02 AM, "Luke Biddell" <luke.biddell at gmail.com> wrote:
> I'm reading the cheat sheet on "Failure to restrict url access" here:
> https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet
> One of the things it suggests is
> "Use octet byte streaming instead of providing access to real files such
> as PDFs or CSVs or similar"
> I've had a google but not come up with any reasonable explanations of the
> attack vector here?
> Can any of you guys enlighten me?
> Thanks as always.
ESAPI Project Manager (http://www.esapi.org)
ESAPI4JS Project Owner (http://bit.ly/9hRTLH)
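As an added illustration of the advice Chris describes (not code from this thread, from OWASP or from ESAPI), the example below shows what "octet-byte streaming" looks like in practice: the client never names a file on disk, only an opaque download id that the server maps to a stored object, the server makes the authorization decision itself, canonicalizes the on-disk path and refuses anything that resolves outside the storage root, and then streams the bytes with `Content-Type: application/octet-stream` and a `Content-Disposition: attachment` header so the browser downloads rather than renders whatever was uploaded. The catalog, the `serve_download` / `resolve_inside` function names and the temp-directory fixture are all assumptions made for this example; a real application would back the catalog with a database row that records the owner.

```python
import tempfile
from pathlib import Path
from urllib.parse import quote

OCTET_STREAM = "application/octet-stream"


class InvalidPath(Exception):
    """Raised when a resolved path escapes the storage directory (hypothetical helper)."""


def resolve_inside(base_dir: Path, relative_name: str) -> Path:
    """Canonicalize base_dir/relative_name and refuse anything that escapes base_dir.

    Path.resolve() follows symlinks and collapses '..', so the containment
    check runs against the real on-disk location, not the string we were given.
    """
    base = base_dir.resolve()
    candidate = (base / relative_name).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise InvalidPath(f"{relative_name!r} resolves outside the storage root")
    if not candidate.is_file():
        raise InvalidPath(f"{relative_name!r} is not a regular file")
    return candidate


def serve_download(base_dir: Path, catalog: dict, file_id: str, user: str):
    """Return (status, headers, body) for a download request.

    The client only supplies an opaque file_id. The on-disk name comes from the
    server-side catalog, and the catalog row carries the owner, so the access
    decision is made here instead of by a static-file handler that would hand
    out anything under the document root.
    """
    entry = catalog.get(file_id)
    if entry is None:
        return 404, {}, b""
    if entry["owner"] != user:
        return 403, {}, b""
    try:
        path = resolve_inside(base_dir, entry["name"])
    except InvalidPath:
        # A bad catalog row, or a symlink planted inside the store, is reported
        # as "not found" rather than leaking why it was refused.
        return 404, {}, b""
    body = path.read_bytes()
    headers = {
        # Generic binary type: the browser downloads instead of rendering
        # (relevant when the store also accepts uploads of arbitrary content).
        "Content-Type": OCTET_STREAM,
        # quote() keeps quotes, CR and LF out of the header value; the display
        # name is chosen by the server, never taken from the request path.
        "Content-Disposition": f'attachment; filename="{quote(entry["display_name"])}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Length": str(len(body)),
    }
    return 200, headers, body


def make_demo_store():
    """Constructed fixture: a temp store holding one report, plus a sibling file
    outside the store root that must never be reachable through a download id."""
    root = Path(tempfile.mkdtemp())
    store = root / "store"
    store.mkdir()
    (store / "a1b2.bin").write_bytes(b"quarterly,revenue\n1,100\n")
    (root / "secret.txt").write_bytes(b"not for download\n")
    catalog = {
        "rpt-2012-q2": {"name": "a1b2.bin", "owner": "alice", "display_name": "q2.csv"},
        # corrupt or tampered row pointing outside the store; must be refused
        "rpt-bad": {"name": "../secret.txt", "owner": "alice", "display_name": "x.csv"},
    }
    return store, catalog


if __name__ == "__main__":
    store, catalog = make_demo_store()
    status, headers, body = serve_download(store, catalog, "rpt-2012-q2", "alice")
    print(status, headers, body)
```

The two checks that matter for the cheat-sheet item are the indirection (a traversal string such as `../secret.txt` is simply an unknown id and never touches the filesystem) and the containment test in `resolve_inside`, which protects against the server's own metadata being wrong.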