Harold Hallikainen wrote:

>> <basePath>/./file
>> <basePath>/../file
>> <basePath>/../../path/path/file
>> <basePath>//path/file

> I guess it's really up to the http server as to how it handles the GET
> request. 

Exactly. Normal file system rules apply.

> By the way, I see a lot of requests for ../../../../etc/passwd on my
> server logs. 

A typical web server won't service any requests for files that are above
its web root directory. That's why "<basePath>/../../path/path/file"
from the examples above assumes that basePath contains at least two
directory levels after the server name.

Gerhard
-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist