
List:       kde-core-devel
Subject:    Re: Patch: konqueror form attacks
From:       Thomas Zander <zander () planescape ! com>
Date:       2001-09-03 18:33:05


On Mon, Sep 03, 2001 at 01:53:04PM +0200, Matthias Hoelzer-Kluepfel wrote:
> Hi,
> 
> here is the patch I promised to do to prevent HTML form attacks in konqueror. 
> What the patch does is to block http post actions to some known ports that 
> you don't want to be the receiver of post actions. The list of ports is the 
> one from netscape (according to Dirk), with some ports added per advice of 
> our security guru (imap/SSL, pop3/SSL, ftps, telnets and irc).
> 
> Please review the patch.

I do have cups, and it runs a webserver on port 631, this works fine. Does
this mean I can't control my jobs anymore from konq?

i.e.: http://www.cups.thomas.net:631/jobs?which_jobs=completed

(while this is a get request, you get the picture)

-- 
Thomas Zander                                            zander@earthling.net
The only thing worse than failure is the fear of trying something new
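
An added example, not part of the original message or of the Konqueror patch: a JavaScript check of the kind the quoted patch description outlines, refusing HTTP POST form submissions to listed ports while leaving GET requests alone. The port list is constructed from the IANA numbers of the services named in the message (the patch's actual list is not shown on this page), and `checkFormSubmission` and its parameters are hypothetical names.

```javascript
// Added example: not code from the Konqueror patch.
// Constructed blocklist: IANA ports for the services named in the message.
// The patch's actual list is not shown on the page.
const BLOCKED_POST_PORTS = new Map([
  [194, "irc"],
  [990, "ftps"],
  [992, "telnets"],
  [993, "imap/SSL"],
  [995, "pop3/SSL"],
]);

const DEFAULT_PORTS = new Map([["http:", 80], ["https:", 443]]);

// Decide whether a form submission may proceed.
//   method:  form method attribute ("get" or "post", any case)
//   action:  form action attribute, possibly relative
//   pageUrl: URL of the document that contains the form
function checkFormSubmission(method, action, pageUrl, blocked = BLOCKED_POST_PORTS) {
  let target;
  try {
    // A relative action inherits host and port from the page URL.
    target = new URL(action, pageUrl);
  } catch (e) {
    return { allowed: false, reason: "unparseable action URL" };
  }
  if (!DEFAULT_PORTS.has(target.protocol)) {
    return { allowed: true, reason: "not an HTTP(S) submission" };
  }
  // URL.port is "" when the scheme's default port is in use.
  const port = target.port === ""
    ? DEFAULT_PORTS.get(target.protocol)
    : Number(target.port);
  if (String(method).toUpperCase() !== "POST") {
    return { allowed: true, port, reason: "only POST is filtered" };
  }
  if (blocked.has(port)) {
    return { allowed: false, port, reason: `POST to ${blocked.get(port)} port ${port}` };
  }
  return { allowed: true, port, reason: "port not on blocklist" };
}
```
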
