On Thu, 3 Feb 2000 Shockroat_private wrote: > I'm curious as to how this could be used in a malicious manner, as opposed to > just being an annoyance. I mean, god forbid, people should execute arbitrary > javascript on us. Yes, we've all seen the file upload form exploit and the > 1001 ways to crash Internet Explorer through infinite loops, but there's > nothing seriously harmful about this, am I right? Please correct me if I'm > wrong. > The SSL scenario is the most interesting point for me. Let us assume you are buying something from amazon.com using your credit card. You fill out all the forms and click on submit. Malicious code in this example would send your POST request to the intended secure server, but also could send another POST to a different server. If the second server is not SSL capable, a warning dialogue would be brought up. But if it is SSL capable, an unsuspecting user would never know. Other problems, which are probably nuisances, is that malicious code can obtain readable attributes and variables available in the browser object ( in javascript ) which might have info you do not wish to share. As far as non secure methods of communicating, since you are throwing you info out into the great void, you have nothing to hide, right? All in all, using the web is just as safe as crossing the street. Do it at your own risk... Rich
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:25 PDT