Home page logo
/

nanog logo nanog mailing list archives

Re: DNS Attacks
From: Jimmy Hess <mysidia () gmail com>
Date: Tue, 21 Feb 2012 16:29:04 -0600

On Sun, Feb 19, 2012 at 4:59 AM, Ken Gilmour <ken.gilmour () gmail com> wrote:
What happens when the client sends a POST from a cached page on the end
user's machine? E.g. if they post login credentials. Of course, they'll get
the error page, but then you have confidential data in your logs and now
you have to protect highly confidential info, at least if you're in europe.

Either you don't log the data on the webserver,  or you notify the
user that the POST form data has now been posted, and display the link
to the public web page where their posted data now appears, on the
error page.

Once your user has shared "confidential" information unsolicited with
an unknown third party, and the general public,   the information's
confidentiality was spoiled by the act of posting, regardless of the
content of the information

-- 
-JH


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault