Home page logo
/

basics logo Security Basics mailing list archives

Re: #include file tag in HTML: possible issues?
From: pg_vlad () hotmail com
Date: 13 Jan 2006 21:26:43 -0000

This doesn't sound like a good practice from any standpoint. What language are we talking about here? Interpreted, or 
compiled? I think the chances of a malicious #include insertion could be lessened in a compiled application, it would 
be possible to do so from an interpreted application as well, though I personally would avoid this type behaviour at 
all costs. I think the time needed to redeploy the new #include would offset a malicious use of it and then trying to 
play cleanup.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]