Re[2]: The Dangers of Allowing Users to Post Images

From: Alexander K. Yezhov (adminat_private)
Date: Fri Jun 15 2001 - 11:52:40 PDT

Next message: Peter W: "Re: The Dangers of Allowing Users to Post Images"

Previous message: Peter van Dijk: "Re: OpenBSD 2.9,2.8 local root compromise"
In reply to: Richard M. Smith: "RE: The Dangers of Allowing Users to Post Images"
Next in thread: Ben Gollmer: "Re: The Dangers of Allowing Users to Post Images"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Following upon the letter of Friday, June 15, 2001:

RMS> This  is  a  *very* interesting finding. It seems kind of obvious
RMS> too. I wonder why no one seems to have run across it before.

It  reminds me "Client Side Trojans" thread. Also similar problem with
authorization  have  been  described  at  tools-on.net  ("Web and your
privacy"  section). The problem is that once authorised you don't have
to  enter  password  again  if  you are redirected to some form inside
protected (via .htaccess, cookie, etc) area.

Best regards, Alexander                           

---------------------------------------------------------------
            MCP+I, MCSE, BrainBench certificates
            http://leader.ru http://tools-on.net
---------------------------------------------------------------

Next message: Peter W: "Re: The Dangers of Allowing Users to Post Images"
Previous message: Peter van Dijk: "Re: OpenBSD 2.9,2.8 local root compromise"
In reply to: Richard M. Smith: "RE: The Dangers of Allowing Users to Post Images"
Next in thread: Ben Gollmer: "Re: The Dangers of Allowing Users to Post Images"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 16 2001 - 12:03:56 PDT