- From: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Date: Fri, 17 Jan 2014 11:18:16 +0100
- To: "Julian Reschke" <julian.reschke@gmx.de>
- Cc: "Gabriel Montenegro" <gabriel.montenegro@microsoft.com>, "Nicolas Mailhot" <nicolas.mailhot@laposte.net>, "Zhong Yu" <zhong.j.yu@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>, "Osama Mazahir" <osamam@microsoft.com>, "Dave Thaler" <dthaler@microsoft.com>, "Mike Bishop" <michael.bishop@microsoft.com>, "Matthew Cox" <macox@microsoft.com>
Le Jeu 16 janvier 2014 22:32, Julian Reschke a écrit : > A proxy does not need to normalize. Full stop. There is no issue here, A security proxy does need to normalize. Full stop. Otherwise malware can trivially bypass security blocks by fuzzing encoding enough the proxy does not realize anymore the block needs to be applied. -- Nicolas Mailhot
Received on Friday, 17 January 2014 10:18:47 UTC