On Wed, 17 Jun 2009 07:41:42 +0200, Tyler Close <tyler.close@gmail.com> wrote:
> One solution is:
>
> 1. Don't add any client credentials to requests.
> 2. Allow the script to use whatever HTTP method, headers and request
> entity it wants, restricting use of some headers, such as Referer.
>
> This leaves resources relying solely on a firewall for authentication
> vulnerable.

It also leaves sites vulnerable that do IP-based authentication.

--
Anne van Kesteren
http://annevankesteren.nl/

Received on Wednesday, 17 June 2009 07:15:54 GMT
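The exchange above, as an added example that is not part of the original messages: a server-side authorization check that trusts network position alone still accepts a request carrying no client credentials, while a check that also requires an explicit secret does not. The policy functions, the `X-Api-Token` header name, the network range and the token value are all hypothetical and constructed for illustration.

```python
import hmac
import ipaddress

# Constructed values for illustration only (assumptions, not from the thread).
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")   # "inside the firewall"
API_TOKEN = "constructed-example-token"           # secret held by real clients

def ip_only_policy(source_ip, headers):
    """Weak: authorizes on network position alone (firewall / IP-based auth).

    A browser inside the trusted network relays a cross-origin script's
    request from a trusted address, so stripping cookies and HTTP auth
    from that request changes nothing for this check.
    """
    return ipaddress.ip_address(source_ip) in TRUSTED_NET

def explicit_token_policy(source_ip, headers):
    """Hardened: network position is necessary but not sufficient.

    The caller must also present a secret that a cross-origin script
    does not know, compared in constant time.
    """
    presented = headers.get("X-Api-Token", "")
    has_secret = hmac.compare_digest(presented.encode(), API_TOKEN.encode())
    return ip_only_policy(source_ip, headers) and has_secret

# Constructed sample requests: (description, source IP, headers as received).
SAMPLE_REQUESTS = [
    ("credential-less cross-origin request relayed by an internal browser",
     "10.1.2.3", {"Accept": "*/*"}),
    ("internal client presenting the explicit token",
     "10.1.2.4", {"X-Api-Token": API_TOKEN}),
    ("external client presenting the explicit token",
     "203.0.113.7", {"X-Api-Token": API_TOKEN}),
]

def evaluate():
    """Return {description: (ip_only_decision, explicit_token_decision)}."""
    return {
        desc: (ip_only_policy(ip, hdrs), explicit_token_policy(ip, hdrs))
        for desc, ip, hdrs in SAMPLE_REQUESTS
    }

if __name__ == "__main__":
    for desc, (weak, hardened) in evaluate().items():
        print(f"{desc}: ip_only={weak} explicit_token={hardened}")
```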