[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: javascript Security... the official word

To: javascript@obscure.org
Subject: Re: javascript Security... the official word
From: Don Moore <moore@futureone.com>
Date: Mon, 4 Mar 1996 15:55:17 -0700 (MST)
In-reply-to: <313B2758.1B70@advtel.net>
Reply-to: javascript@obscure.org
Sender: owner-javascript@obscure.org

uh can't you STILL get the referring page neways thru CGI, if so wots the 
point?


      .                 .
        ______ ______ .
     .:_\_ .  \\_ .  \_::.    Email: mindrape@goodnet.com
  . .::./ ./  // ./__/.:::. .         staheli@goodnet.com
     :_<_____/<____  >_:.       
     .             \/  .        WWW: http://www.futureone.com/~damaged

     Damaged Cybernetics



On Mon, 4 Mar 1996, Lance D. Braud wrote:

> Dan Petramala wrote:
> > 
> > On Fri, 1 Mar 1996 11:16:06 -0800, you wrote:
> > 
> > >"THE WORLD WIDE WEB SECURITY FAQ (Version 1.2.0, February 28 1996)"
> > >by Lincoln D. Stein <lstein@genome.wi.mit.edu>
> > >- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> 
> > 
> > 2)grab the previous page they are coming from (aka referring page)
> > 
> > I would quickly add code to my page to use such features, since these items
> > allow me to :
> 
> > 3) keep track of referring pages so that I can contact the admins there to
> > notify/thank them for the posting....
> > 
> 
> I think it would be great to do this also, but knowing the previous page may 
> be a problem in that it maybe a private URL that isn't supposed to be known. 
>  But that site should have security on it anyway (passwd), so as long as you 
> can't grab their cache I don't see a problem.  Paranoid Security people (like 
> the author of that announcement) would see a problem anyway and these are the 
> people you have to get around, eh?  <sigh>
> 
> Lance D. Braud
> lbraud@advtel.net
> --------------------------------------------------------------------
> For help about the list, please send a message to 'majordomo@obscure.org'
> with the message body 'help'. To unsubscribe, send a message to
> 'majordomo@obscure.org' with the message body 'unsubscribe javascript'.
> List archives and pointer to FAQ: http://www.obscure.org/javascript/
> 
--------------------------------------------------------------------
For help about the list, please send a message to 'majordomo@obscure.org'
with the message body 'help'. To unsubscribe, send a message to
'majordomo@obscure.org' with the message body 'unsubscribe javascript'.
List archives and pointer to FAQ: http://www.obscure.org/javascript/

References:
- Re: javascript Security... the official word
  - From: "Lance D. Braud" <lbraud@advtel.net>

Prev by Date: Come check out Tertius the Scribe
Next by Date: Testing for a variable
Previous by thread: Re: javascript Security... the official word
Next by thread: Re: javascript Security... the official word
Index(es):
- Date
- Thread