On Feb 20, 2008, at 21:49, Mark Baker wrote:
> On 2/20/08, Henri Sivonen <[EMAIL PROTECTED]> wrote:
>> What changes is that the browser is on the other side of the firewall
>> unlike curl or an open proxy.
>
> Hmm, good point. Come to think of it, we've discussed this before.
> But in that case, the attack is upon firewalls, not broken servers.

No, in that case the attack scenario is upon a broken intranet server
that the attacker couldn't reach from outside the firewall but can
from a browser that runs inside the firewall but has loaded scripts
from the outside.
--
Henri Sivonen
[EMAIL PROTECTED]
http://hsivonen.iki.fi/