Cristian Marchionni wrote: >but i have at least one question: >what do you mean for "strong consistency checking to avoid security issue"? Any script that acts on data that is included in a URL has the potential to be a target for "hijacking" by hackers, who can create links on their pages that point to your script, and pass it a URL that might include information that would exploit various behaviours in browsers that might expose information to 3rd parties. It's possible that a redirect script could be exploited to expose cookies meant for your site to some other site. I don't want to overstate the problem, because it might be fairly obscure, but you can write a redirect script in about 4 or 5 lines without doing any checking, but figuring out what your exposures might be, and fixing them, could be a lot more complicated. Here are some links discussing Cross Site Scripting Security Issues: http://www.cert.org/advisories/CA-2000-02.html http://support.microsoft.com/support/kb/articles/Q252/9/85.ASP Aengus ------------------------------------------------------------------------ This is the analog-help mailing list. To unsubscribe from this mailing list, send mail to [EMAIL PROTECTED] with "unsubscribe" in the main BODY OF THE MESSAGE. List archived at http://www.mail-archive.com/[email protected]/ ------------------------------------------------------------------------
