Re: [cors] Review

Re-sending from the right address.

Adam


2009/6/17 Adam Barth <adam@adambarth.com>:
> 2009/6/17 Anne van Kesteren <annevk@opera.com>:
>> On Wed, 17 Jun 2009 16:35:13 +0200, Tyler Close <tyler.close@gmail.com> wrote:
>>> Isn't it already possible to forge the IP address
>>> on a HTTP request to a web site, especially if you don't need to get
>>> the answer?
>>
>> I don't know.
>
> I'd classify this as moderately difficult. It's not something I can do for $5, but given a few hundred dollars, I can probably do it. Recall that sending an HTTP request requires a full TCP handshake, so its not as easy as SYN flooding.
>
> Adam
>

Received on Wednesday, 17 June 2009 18:07:17 UTC