Lists Home |
Date Index |
On Tuesday 12 February 2002 12:01 am, Paul Prescod wrote:
> > Actually, the above is bogus because the URI has gone from being
> > opaque to encoding application state (to those that understand the
> > application) and you may or may not wish to disclose that to an
> > intermediary.
> Really? Here's one from Expedia. It's half-way through a
> transaction. Please tell me what the details of the transaction:
If I was an intermediary and I understood the application, I bet I
could tell you *exactly* what that meant, to the point that I'd
probably be able to replay the bits...
I'm surprised there haven't been more attacks on the www...
where through DNS spoofing I'd redirect all traffic through a
transparent proxy temporarily.