英文:
Does FileServer handler only serve what is inside the directory you specify?
问题
例如,用户是否可以使用Linux命令将您的URL放在上一级文件夹/目录中?
假设我的服务器包含以下内容:
bin/
serverfile.go
...
public/
index.html
style.css
"www.example.com/../bin/etc"
其中serverfile.go包含以下内容:
pacakage main
import "net/http"
func main() {
htttp.ListenAndServe(":8000", http.FileServer(http.Dir("public")))
}
英文:
For example, can a user put your url with linux commands to go up a folder/directory?
Let's say my server consist of:
bin/
serverfile.go
...
public/
index.html
style.css
"www.example.com/../bin/etc"
with serverfile.go consisting of:
pacakage main
import "net/http"
func main() {
htttp.ListenAndServe(":8000", http.FileServer(http.Dir("public")))
}
答案1
得分: 1
http.FileServer会阻止您指定的根目录的突破。
相比之下,您可以使用http.ServeFile构建自己的文件服务器,但这可能是一项危险的任务。
另请参阅https://stackoverflow.com/questions/28793619/golang-what-to-use-http-servefile-or-http-fileserver
英文:
The http.FileServer inhibits a breakout of the root directory you specify.
In contrast you could build your own file server with http.ServeFile which would potentially be a dangerous undertaking.
See also https://stackoverflow.com/questions/28793619/golang-what-to-use-http-servefile-or-http-fileserver
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论