> > On the other hand, are we worried about all access to private IPs, > or just form > posts? Doing something more limited with the latter (in particular > hanging an > nsIPrincipal off their nsIInterfaceRequestor) might not be that > invasive...
Post would be helpful, but there have been other protocol attacks (for example using FTP). The redesign might be something we could do in "mozilla 2". It is a bunch of work.. probably too much... but this will reduce, possibly zero, our vulnerability to Princeton style attacks. Doug _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
