in reply to Hacking "explained"
in thread Filtering potentially dangerous URI schemas in <a href="...">
The scheme could be at least slightly improved without a total change though, by using information such as the user agent string and other headers from the HTTP request to influence the encryption, so that it would at least be more difficult to use stolen cookies.
(Note this is orthogonal to the JavaScript banning question. Whether cookies get hardened is irrelevant to whether JS should be filtered.)
Makeshifts last the longest.
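
An added example, not part of the original post or of the site's own code, of tying a cookie to request headers. Instead of feeding the headers into the encryption as the post suggests, it uses an HMAC over the session ID and a header fingerprint; the key, the header set, the cookie layout and all function names are assumptions.

```perl
#!/usr/bin/perl
# Added example: bind a session cookie to request headers with an HMAC.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side secret; constructed placeholder value.
my $SERVER_KEY = 'constructed-demo-key-do-not-reuse';

# Headers that stay stable for one browser across requests (assumed set).
my @BOUND_HEADERS = qw(User-Agent Accept-Language);

sub fingerprint {
    my ($headers) = @_;
    # Length-prefix each value so adjacent fields cannot be shifted into each other.
    return join '', map {
        my $v = defined $headers->{$_} ? $headers->{$_} : '';
        length($v) . ':' . $v
    } @BOUND_HEADERS;
}

sub issue_cookie {
    my ($session_id, $headers) = @_;
    my $mac = hmac_sha256_hex($session_id . '|' . fingerprint($headers), $SERVER_KEY);
    return "$session_id.$mac";
}

sub verify_cookie {
    my ($cookie, $headers) = @_;
    my ($session_id, $mac) = $cookie =~ /\A([A-Za-z0-9]+)\.([0-9a-f]{64})\z/
        or return;
    my $expect = hmac_sha256_hex($session_id . '|' . fingerprint($headers), $SERVER_KEY);
    # Compare without an early exit so timing does not leak matching prefixes.
    my $diff = 0;
    $diff |= ord(substr $mac, $_, 1) ^ ord(substr $expect, $_, 1) for 0 .. 63;
    return $diff == 0 ? $session_id : undef;
}

# Constructed requests: the original browser, and another client presenting the same cookie.
my %owner  = ('User-Agent' => 'Mozilla/5.0 (X11; Linux) Example/1.0', 'Accept-Language' => 'en-GB');
my %replay = ('User-Agent' => 'curl/8.0', 'Accept-Language' => 'en-GB');

my $cookie = issue_cookie('s3ss10n42', \%owner);
printf "owner:  %s\n", defined verify_cookie($cookie, \%owner)  ? 'accepted' : 'rejected';
printf "replay: %s\n", defined verify_cookie($cookie, \%replay) ? 'accepted' : 'rejected';
```

The bound headers are supplied by the client, so this check only raises the bar for reusing a cookie, and a browser upgrade that changes the User-Agent will invalidate the session.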
Re: Re: Hacking "explained"
by zigdon (Deacon) on Oct 22, 2002 at 13:07 UTC
by Aristotle (Chancellor) on Oct 22, 2002 at 13:22 UTC
Re: Re: Hacking "explained"
by Dog and Pony (Priest) on Oct 22, 2002 at 13:41 UTC
by Aristotle (Chancellor) on Oct 22, 2002 at 15:24 UTC