[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Patch: konqueror form attacks
From: Thomas Zander <zander () planescape ! com>
Date: 2001-09-03 18:33:05
[Download RAW message or body]
On Mon, Sep 03, 2001 at 01:53:04PM +0200, Matthias Hoelzer-Kluepfel wrote:
> Hi,
>
> here is the patch I promised to do to prevent HTML form attacks in konqueror.
> What the patch does is to block http post actions to some known ports that
> you don't want to be the receiver of post actions. The list of ports is the
> one from netscape (according to Dirk), with some ports added per advice of
> our security guru (imap/SSL, pop3/SSL, ftps, telnets and irc).
>
> Please review the patch.
I do have cups, and it runs a webserver on port 631, this works fine. Does
this mean I can't control my jobs anymore from konq?
i.e.: http://www.cups.thomas.net:631/jobs?which_jobs=completed
(while this is a get request, you get the picture)
--
Thomas Zander zander@earthling.net
The only thing worse than failure is the fear of trying something new
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic