FUD about resource forks on servers?
I just stumbled across this link claiming there were security issues with forks on web servers.
Basically, it talks about the special path syntax that lets you read the HFS resource fork of a file from the Terminal by writing /path/to/file/..namedfork/rsrc, and the data fork by writing /path/to/file/..namedfork/data. That works by essentially treating the file as a folder containing two other files, the resource fork and the data fork. The worry is that Apache and other command-line tools decide what to do with a path from its last component, so a request for /script.php/..namedfork/data doesn't look like a PHP file to the server even though the filesystem hands back exactly the same bytes as /script.php: the server wouldn't notice that the fork is the same as the file and might serve the script's source as a plain static file instead of running it.
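To make the mechanism concrete, here is an added example (my own simulation, not code from the linked article, from Apache or from Apple). It models a server that picks its handler from the extension of the last path segment and a filesystem that, like HFS+, treats `file/..namedfork/data` as an alias for `file`. The handler table, the document root contents and the function names are all made up for the illustration; nothing here touches a real HFS+ volume.

```python
"""Simulation of the ..namedfork alias problem and a path check that refuses it.

All names, the handler map and the document root are constructed for this
example; they are not Apache's configuration or data structures.
"""

import posixpath

# Handler table keyed by extension, in the spirit of an AddHandler map (constructed).
HANDLERS = {".php": "php-script"}
DEFAULT_HANDLER = "static-file"

# Stand-in document root (constructed data): one PHP script whose source is the secret.
DOCROOT_FILES = {
    "/index.php": "<?php echo 'secret'; ?>",
}

# Fork aliases an HFS+ volume accepts after a file name. The data fork is the
# file's ordinary contents, so `x/..namedfork/data` reads the same bytes as `x`.
FORK_SUFFIXES = ("/..namedfork/data", "/..namedfork/rsrc")


def naive_handler_for(url_path):
    """Choose a handler from the extension of the final path segment only.

    For "/index.php/..namedfork/data" the final segment is "data", which has
    no extension, so the static-file handler is chosen.
    """
    ext = posixpath.splitext(url_path)[1]
    return HANDLERS.get(ext, DEFAULT_HANDLER)


def hfs_read(url_path):
    """Simulated HFS+ read: strip a trailing fork alias, then look up the file."""
    for suffix in FORK_SUFFIXES:
        if url_path.endswith(suffix):
            url_path = url_path[: -len(suffix)]
            break
    return DOCROOT_FILES.get(url_path)


def naive_serve(url_path):
    """Vulnerable flow: handler chosen from the URL, bytes read via the fork-aware FS."""
    handler = naive_handler_for(url_path)
    body = hfs_read(url_path)
    if body is None:
        return ("404", None)
    if handler == "php-script":
        return ("200", "<executed php output>")
    # Static handler returns the raw bytes: for a fork alias that is the PHP source.
    return ("200", body)


def is_suspicious_path(url_path):
    """Refuse any segment beginning with '..' (covers '..' and '..namedfork')
    and any path that is not already in canonical form."""
    if any(segment.startswith("..") for segment in url_path.split("/")):
        return True
    return posixpath.normpath(url_path) != url_path


def hardened_serve(url_path):
    """Same flow, but the request is rejected before the path reaches the filesystem."""
    if is_suspicious_path(url_path):
        return ("403", None)
    return naive_serve(url_path)


if __name__ == "__main__":
    for path in ("/index.php", "/index.php/..namedfork/data"):
        print(path, "naive:", naive_serve(path), "hardened:", hardened_serve(path))
```

The check rejects on the request path rather than trying to enumerate fork syntaxes, because the real fix is to never let a path component the server does not understand reach a filesystem that does; that is also why a patched Apache, as the post goes on to describe, simply answers such requests the same way it answers the plain URL.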
Oddly enough, when I tried this on one of my Macs, it didn't work. When I specified only one dot, I got the same PHP file as when using the real URL, but PHP still triggered and executed the script (the request URL was different, of course, but that's all). So either Apple fixed this, or it's only a problem with other apps besides Apache ... or it's just FUD?
Can anyone confirm or deny any of that?
Update: Okay, David Steinbrunner just let me know that he remembers that Apple patched this hole about a month ago. So that's why it didn't work for me. I, for one, welcome our new Security Software Update overlords...