Network Security: Detailed info on Re: stupid IE7 question

Subject:	Re: stupid IE7 question
Date:	Wed, 13 Dec 2006 06:45:17 -0500

It has several drawbacks, to  
name only some that come in mind:
 * local browsing history
 * possible proxies
 * cached sites
 * web server logs
 * possible bookmarks
 * possible links containing sensitive information, sent by it's users
 * possible XSS vulns become _really_ powerful


Also, don't forget referrers.  If your site has sensitive info in the
URL, and you link to any other site (or someone controlling content on
your site does), then users who click that link will unwittingly give
away that sensitive information to the third party.

Like dork@gmx.at said, there are lots of reasons not to do this.  It
doesn't matter what browser is being used, the design sounds flawed.

tim

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
stupid IE7 question, jas1 Re: stupid IE7 question, Schanulleke Re: stupid IE7 question, dork Re: stupid IE7 question, Tim <= RE: stupid IE7 question, Debasis Mohanty

Previous by Date:	Re: IP Location database like IP2Location.com, Jeremy Saintot
Next by Date:	Re: Pen-testing - pricing model, Davide Carnevali
Previous by Thread:	Re: stupid IE7 question, dork
Next by Thread:	RE: stupid IE7 question, Debasis Mohanty
Indexes:	[Date] [Thread] [Top] [All Lists]