I applied a rewrite rule as shown here https://blog.paranoidpenguin.net/2018/12/how-to-remove-facebooks-fbclid-parameter-using-mod_rewrite-on-apache-2-4/
So now Facebook links will work.

>> Wouldn't accepting parameters from others pose a security problem? I
>> tend to think it expands the attack surface.

On 2020-09-10 00:10, Cedric De Vroey wrote:
> No it doesn't really, as long as you use named parameters, and as long
> as you implement proper sanitation on those parameters you should be
> fine from a security perspective.

I agree if you mean just adding this one extra parameter. I disagree if you mean allowing any extra parameters. Checking that the parameters match our allowable list is part of a good defense in depth strategy. By triggering this check, we know the person is an attacker, and can use that information as part of our defense.

> However, there are privacy concerns
> that could be made over this practice since it could be used to track users.
> This looks like an attempt to bypass the EU cookie law.

-- 
Regards,
Ken Fallon
http://kenfallon.com
http://hackerpublicradio.org/correspondents.php?hostid=30
_______________________________________________
Hpr mailing list
Hpr@hackerpublicradio.org
http://hackerpublicradio.org/mailman/listinfo/hpr_hackerpublicradio.org
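The allowlist check discussed in the message above, sketched in Python as an added example; it is not code from the thread, the linked blog post or the HPR site. The parameter names `hostid` and `id`, their numeric format and the function name `check_url` are assumptions; `fbclid` is dropped quietly, while any other unlisted parameter is reported so it can feed logging or blocking.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed allowlist: parameter name -> pattern its value must fully match.
ALLOWED = {
    "hostid": re.compile(r"[0-9]{1,6}"),
    "id": re.compile(r"[0-9]{1,6}"),
}
# Third-party tracking parameters: dropped quietly, not treated as hostile.
STRIP = {"fbclid"}


def check_url(url):
    """Return (clean_url, violations) for a requested URL.

    clean_url carries only allowlisted parameters with valid values.
    violations lists everything else, for logging or blocking decisions.
    """
    parts = urlsplit(url)
    kept, seen, violations = [], set(), []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in STRIP:
            continue
        pattern = ALLOWED.get(name)
        if pattern is None:
            # repr() keeps control characters out of the log line
            violations.append(f"unknown parameter {name!r}")
        elif name in seen:
            violations.append(f"duplicate parameter {name!r}")
        elif not pattern.fullmatch(value):
            violations.append(f"bad value for {name!r}")
        else:
            seen.add(name)
            kept.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), violations


if __name__ == "__main__":
    # Constructed sample requests
    for sample in (
        "https://example.org/correspondents.php?hostid=30&fbclid=CONSTRUCTED",
        "https://example.org/correspondents.php?hostid=30&debug=1",
        "https://example.org/correspondents.php?hostid=30%27",
    ):
        print(check_url(sample))
```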