So, if I understand correctly, part of the body was
sent after the 401 response (that which was in the
send buffer already), and the remainder was sent
after the authentication header was sent?
This is weird. It means that the server accepted the
(invalid) data that was sent after a
non-authenticated request. This smells like a
security vulnerability. Or am I misunderstanding it?
-dZ.
>------- Original Message -------
>From : Arno Garrels[mailto:[EMAIL PROTECTED]
>Sent : 9/23/2008 2:25:24 PM
>To : twsocket@elists.org
>Cc :
>Subject : RE: Re: [twsocket] Early web server response
>
>Arno Garrels wrote:
> 3) IE then sends just the header with the
credentials and continues
> posting the rest of the data.
:-) Should read "IE then sends just the header with
credentials and continues
posting remaining data."
--
Arno
--
To unsubscribe or change your settings for TWSocket
mailing list
please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
