[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] Re: XInclude: security risk 1
> Once a local user has loaded this into a web browser from behind the > firewall, the original host site or some other remote site can easily > determine whether some document exists on some server that would not > normally be accessible to it. Interesting idea. It would be easy, for example, for an adversary to determine the system type by looking for things like /linux vs C:\PROGRA~1. Knowing that would help them attack. /r$
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|