At 11:14 AM 11/15/2006, you wrote:
Is it possible to display a different URL than the actual site that
the browser is contacting in the address portion of a browser? I
had thought the only options for the URL were either the actual
site, or the proxy server site in the instance where you are using a proxy.
I'm asking this as a security question. If a user gets an email and
clicks on a link (the HREF can say anything it wants), is it
possible to have the browser show
<http://www.citibank.com>http://www.citibank.com in the address bar
when it's really connected to some Chinese malware site?
I know that there are exploits out there for IE, but lets assume
I've got fully patched IE or Firefox and that we don't have some
bizarre DNS tainting or the like going on.
There's a 'trick' if you will that LOOKS like a address bar.
basically some Java script that makes the browser go to full screen,
then basically has a JPG / GIF on top of a fake address bar.
Or even java script that 'looks' like the address bar, and is clickable.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
