That WAF needs to be tuned. If they’re worried about the possibility of a local ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		rtev on Jan 7, 2023 \| parent \| context \| favorite \| on: What We Do in the /etc/shadow – Cryptography with ... That WAF needs to be tuned. If they’re worried about the possibility of a local file read that can disclose /etc/shadow, there are much bigger issues.

thayne on Jan 7, 2023 [–]

Or it is defense in depth. Although blocking it even if the / is percent encoded seems a bit excessive, especially as a default.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact