W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [cors] Review

From: Adam Barth <w3c@adambarth.com>
Date: Wed, 17 Jun 2009 11:06:41 -0700
Message-ID: <7789133a0906171106k16ff6b23u8d50659ad0c06693@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: Tyler Close <tyler.close@gmail.com>, Mark Nottingham <mnot@mnot.net>, public-webapps <public-webapps@w3.org>
Re-sending from the right address.

Adam


2009/6/17 Adam Barth <adam@adambarth.com>:
> 2009/6/17 Anne van Kesteren <annevk@opera.com>:
>> On Wed, 17 Jun 2009 16:35:13 +0200, Tyler Close <tyler.close@gmail.com> wrote:
>>> Isn't it already possible to forge the IP address
>>> on a HTTP request to a web site, especially if you don't need to get
>>> the answer?
>>
>> I don't know.
>
> I'd classify this as moderately difficult. It's not something I can do for $5, but given a few hundred dollars, I can probably do it. Recall that sending an HTTP request requires a full TCP handshake, so its not as easy as SYN flooding.
>
> Adam
>
Received on Wednesday, 17 June 2009 18:07:17 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT