|
Full Disclosure
mailing list archives
Re: Tool Release - Tor Blocker
From: Bill Weiss <houdini+full-disclosure () clanspum net>
Date: Sat, 3 Jun 2006 23:22:41 +0000
Bill Weiss(houdini+full-disclosure () clanspum net)@Sat, Jun 03, 2006 at 11:15:58PM +0000:
3) I think you've just suggested giving a webpage (one which may be
hostile towards your goals) control over who can and cannot access your
web server. What happens if one day that CGI hands you a list containing
every IP in your /24? I know that, if I ran said webpage, I would be
tempted to do so every once in a while.
3b) A more crafty (less hostile) person at that webpage could just give
you a huge list. strcmp() over 1m list items on every webpage hit?
Sounds like fun!
--
Bill Weiss
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: Tool Release - Tor Blocker Valdis . Kletnieks (Jun 02)
Re: Tool Release - Tor Blocker Tonnerre Lombard (Jun 03)
| 
Intro
