Penetration Testing mailing list archives
Re: stupid IE7 question
From: Tim <tim-pentest () sentinelchicken org>
Date: Wed, 13 Dec 2006 06:45:17 -0500
It has several drawbacks, to name only some that come in mind: * local browsing history * possible proxies * cached sites * web server logs * possible bookmarks * possible links containing sensitive information, sent by it's users * possible XSS vulns become _really_ powerful
Also, don't forget referrers. If your site has sensitive info in the URL, and you link to any other site (or someone controlling content on your site does), then users who click that link will unwittingly give away that sensitive information to the third party. Like dork () gmx at said, there are lots of reasons not to do this. It doesn't matter what browser is being used, the design sounds flawed. tim ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- stupid IE7 question jas1 (Dec 12)
- Re: stupid IE7 question dork (Dec 12)
- Re: stupid IE7 question Tim (Dec 13)
- Re: stupid IE7 question Schanulleke (Dec 12)
- RE: stupid IE7 question Debasis Mohanty (Dec 12)
- Re: stupid IE7 question dork (Dec 12)