Re: Cross-site Scripting prevention with Apache::TaintRequest

2002-01-24 Thread João Pedro Gonçalves

The most common way to abuse is through cookie hijacking.

If an attacker sends an email to a user's webmail account that
is vulnerable to cross-site scripting and the user
opens the message, the attacker would get the user's
session cookies and read the user's email.

There are several attacks already reported in bugtraq,
go check
http://www.securityfocus.com/

JP



On Thu, 2002-01-24 at 07:50, Arnold van Kampen wrote:
>
> Does anybody have an example(s) of how this kind of abuse is actually
> working?
>
> All the time I have just been lucky then I guess.
>
> Arnold van Kampen
>
>
> On Tue, 22 Jan 2002, Perrin Harkins wrote:
>
> > > Yes and no. XSS attacks are possible on old browsers, when the charset is not
> > > set (something which is often the case with modperl apps) and when the
> > > HTML-escaping bit does not match what certain browsers accept as markup.
> >
> > Of course I set the charset, but I didn't know that might not be enough.
> > Does anyone know if Apache::Util::escape_html() and HTML::Entities::encode()
> > are safe?
> >
> > - Perrin
> >
>
-- 
João Pedro Gonçalves
'I have never let my schooling interfere with my education.'
- Mark Twain
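
An added example (not from the thread and not Apache::TaintRequest code) of the defences discussed above, applied to a webmail message view: every untrusted field is escaped with HTML::Entities::encode_entities, the charset is declared explicitly, and the session cookie is marked HttpOnly. The render_message helper, the field names, the session placeholder and the sample message are assumptions constructed for illustration.

```perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities);

# Escape untrusted text for element content or a quoted attribute value.
# With no second argument, encode_entities escapes < > & " ' as well as
# control and high-bit characters, so the result is plain ASCII.
sub esc {
    my ($text) = @_;
    return encode_entities(defined $text ? $text : '');
}

# Build headers and body for one message view.
# $msg is a hashref whose 'from', 'subject' and 'body' values are untrusted.
sub render_message {
    my ($msg, $session_id) = @_;
    my $html = sprintf(
        qq{<html><head><title>%s</title></head><body>\n}
      . qq{<p>From: <span title="%s">%s</span></p>\n}
      . qq{<pre>%s</pre>\n</body></html>\n},
        esc($msg->{subject}), esc($msg->{from}),
        esc($msg->{from}),    esc($msg->{body}),
    );
    return join "\r\n",
        # Declare the charset so the browser never guesses an encoding in
        # which the escaped output could be read as markup.
        'Content-Type: text/html; charset=UTF-8',
        # HttpOnly stops page script from reading the session cookie.
        "Set-Cookie: session=$session_id; Path=/; HttpOnly",
        '', $html;
}

# Constructed sample message: markup in the subject, an attribute
# break-out attempt in the sender name, ordinary text in the body.
my %msg = (
    from    => q{"x" onmouseover="alert(1)},
    subject => q{<script>alert(document.cookie)</script>},
    body    => q{Hello & welcome <b>back</b>},
);

# 'PLACEHOLDER-SESSION-ID' stands in for a server-generated random token.
print render_message(\%msg, 'PLACEHOLDER-SESSION-ID');
```

The sender name appears both inside a quoted attribute and as element content; escaping the quote characters is what keeps the first use from closing the attribute early.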




Re: detecting ssl

2001-07-10 Thread João Pedro Gonçalves

This approach should be ok:

# Subrequest for the current URI, then read the HTTPS variable from its environment
my $s = $r->lookup_uri($r->uri);
my $ssl = $s->subprocess_env('HTTPS');

I looked at this a while back and this is usually set internally
in apache by the ssl implementation.

João Pedro

brian moseley wrote:
>
> warning: these may be silly questions. but i've looked
> through the guide and not found the answers, so hopefully
> they're not that silly.
>
> how can i test in a content handler if the request was
> received over an ssl connection? do i have to look for an
> environment variable? is there a test that works with all
> the various ssl modules? is there a standard ssl
> interface? if so, where is it documented?
>
> thanks!