Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: http-cors, new NSE script for detecting cross-origin http access
From: David Fifield <david () bamsoftware com>
Date: Mon, 3 Oct 2011 23:28:43 -0700

On Sat, Jun 18, 2011 at 06:44:35PM +0300, Toni Ruottu wrote:
To clarify a bit, you would not want your intranet services to be
cross-origin accessible, as any one of your users websites could in
that case access them. For example you do not want to provide an
interfaces that lets evilhaxor.net modify your firewall settings. In
most cases it is perfectly ok for world readable/writable interfaces
to be cross-origin accessible.

This script is a nice idea. It's like http-methods for cross-origin
requests. I've committed it.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
  • Re: http-cors, new NSE script for detecting cross-origin http access David Fifield (Oct 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]